Subject: lib/3609: login id's longer than 8 characters quietly fail
To: None <gnats-bugs@gnats.netbsd.org>
From: None <eric@cirr.com>
List: netbsd-bugs
Date: 05/11/1997 21:44:09
>Number: 3609
>Category: lib
>Synopsis: login names are quietly limited to eight (8) characters
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people (Library Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun May 11 19:50:00 1997
>Last-Modified:
>Originator: Eric Schnoebelen
>Organization:
Central Iowa (Model) Railroad, Dallas, TX, USA
>Release: 1.2
>Environment:
System: NetBSD opus 1.2 NetBSD 1.2 (GENERIC) #4: Fri Sep 27 22:03:25 MET DST 1996 pk@kwik:/usr/src1/sys/arch/sparc/compile/GENERIC sparc
>Description:
NetBSD silently enforces a limit of eight characters on
the login name (pw_name field of struct pwd). A login name
of more than UT_NAMESIZE characters cannot be found in
/etc/spwd.db or /etc/pwd.db, as it is stored at full length,
while getpwnam() limits its search to UT_NAMESIZE characters.
>How-To-Repeat:
create a user with a nine character login name, and then attempt
to change the password. passwd(1) will return ``passwd: unknown
user abcdefghi''
>Fix:
pwd_mkdb can be modified to enforce the same limitations as used
by getpwnam(3), and login/rlogin/su works. However, passwd(1)
and chpass continue to fail.
Consistancy needs to be introduced to make sure that everything
accessing the password database is using the same login name
length (either unlimited, or UT_NAMESIZE).
>Audit-Trail:
>Unformatted: