Subject: Re: login: first try only accepts 16 letter (or less) usernames
To: Thomas Klausner <>
From: John Nemeth <>
List: current-users
Date: 05/22/2005 04:53:50
On Oct 11, 11:46am, Thomas Klausner wrote:
} On Sat, May 21, 2005 at 03:36:01AM -0700, John Nemeth wrote:
} >      I don't know if it is known behaviour.  No, it shouldn't be this
} > way.  The first problem is the POLA violation in asking for the
} > password before you hit return.  The second problem is that our utmpx
} > allows a "loginid" of 32 characters.  If your "loginid" had more then
} > 16 characters, it might be valid; but, you wouldn't be able to login on
} > the console or a serial line without making two attempts to do so.
} Thank you for the analysis. I filed PR bin/30295 for this.

     No problem.  I just took a look at the getty code.  It uses
LOGIN_NAME_MAX from sys/syslimits.h.  It would be easy enough to change
this, but an analysis would need to be done to see what other issues
arise from changing it.  I noticed that you primarily work on
documentation, are you a programmer?

     I just looked at the PR and see that Christos is arguing for not
changing it.  I think the idea of automatically asking for the password
after 16 characters have been entered is strange.  I can live with it,
but I don't think tradition is a particularly good argument.  I don't
believe in change for the sake of change, but if there is a good reason
to change something then we should consider it.  As for LOGIN_NAME_MAX,
I would argue that it is incorrectly set given that our utmpx structure
can handle 32 character "loginid"s.  Note that our utmp structure is
the traditional one that can only handle 8 character "loginid"s, so it
isn't particularly relevent.

}-- End of excerpt from Thomas Klausner