Subject: Re: login: first try only accepts 16 letter (or less) usernames
To: Thomas Klausner <wiz@NetBSD.org>
From: John Nemeth <firstname.lastname@example.org>
Date: 05/22/2005 04:53:50
On Oct 11, 11:46am, Thomas Klausner wrote:
} On Sat, May 21, 2005 at 03:36:01AM -0700, John Nemeth wrote:
} > I don't know if it is known behaviour. No, it shouldn't be this
} > way. The first problem is the POLA violation in asking for the
} > password before you hit return. The second problem is that our utmpx
} > allows a "loginid" of 32 characters. If your "loginid" had more then
} > 16 characters, it might be valid; but, you wouldn't be able to login on
} > the console or a serial line without making two attempts to do so.
} Thank you for the analysis. I filed PR bin/30295 for this.
No problem. I just took a look at the getty code. It uses
LOGIN_NAME_MAX from sys/syslimits.h. It would be easy enough to change
this, but an analysis would need to be done to see what other issues
arise from changing it. I noticed that you primarily work on
documentation, are you a programmer?
I just looked at the PR and see that Christos is arguing for not
changing it. I think the idea of automatically asking for the password
after 16 characters have been entered is strange. I can live with it,
but I don't think tradition is a particularly good argument. I don't
believe in change for the sake of change, but if there is a good reason
to change something then we should consider it. As for LOGIN_NAME_MAX,
I would argue that it is incorrectly set given that our utmpx structure
can handle 32 character "loginid"s. Note that our utmp structure is
the traditional one that can only handle 8 character "loginid"s, so it
isn't particularly relevent.
}-- End of excerpt from Thomas Klausner