>Number:         3609
>Category:       lib
>Synopsis:       login names are quietly limited to eight (8) characters
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 11 19:50:00 1997
>Last-Modified:
>Originator:     Eric Schnoebelen
>Organization:
Central Iowa (Model) Railroad, Dallas, TX, USA
>Release:        1.2
>Environment:
	
System: NetBSD opus 1.2 NetBSD 1.2 (GENERIC) #4: Fri Sep 27 22:03:25 MET DST 1996 pk@kwik:/usr/src1/sys/arch/sparc/compile/GENERIC sparc


>Description:
	NetBSD silently enforces a limit of eight characters on
	the login name (pw_name field of struct pwd).  A login name
	of more than UT_NAMESIZE characters cannot be found in
	/etc/spwd.db or /etc/pwd.db, as it is stored at full length,
	while getpwnam() limits its search to UT_NAMESIZE characters.

>How-To-Repeat:
	create a user with a nine character login name, and then attempt
	to change the password.  passwd(1) will return ``passwd: unknown
	user abcdefghi'' 

>Fix:
	pwd_mkdb can be modified to enforce the same limitations as used
	by getpwnam(3), and login/rlogin/su works.  However,  passwd(1)
	and chpass continue to fail.

	Consistancy needs to be introduced to make sure that everything
	accessing the password database is using the same login name
	length (either unlimited, or UT_NAMESIZE).
>Audit-Trail:
>Unformatted: