HPE Community
Operating System - HP-UX
1833004 Members
2790 Online
110048 Solutions
New Discussion

Re: HP-UX v11.3 Trusted mode user length support.

 
Dr. Zoidberg
Occasional Advisor

‎09-10-2008 04:53 PM

‎09-10-2008 04:53 PM

HP-UX v11.3 Trusted mode user length support.

Can anyone point me to some HP docs were I can find more info about why HP-UX v11.3 can NOT support usernames longer than 8 characters when in a Trusted mode environment ?

I need some good doc(s) to present to some of the managers and VPs over here, to show them the reasons of why this is so.

Thanks for any help.

Dr. Z.

----
Microsoft is a cross between the Borg and the Ferengi. Unfortunately they use the Borg to do their marketing and the Ferengi to do their programming.
0 Kudos
Reply
7 REPLIES 7
Ollie Rowland
Frequent Advisor

‎09-11-2008 12:51 AM

‎09-11-2008 12:51 AM

Re: HP-UX v11.3 Trusted mode user length support.

Hi,

I'd check this out:
http://www11.itrc.hp.com/service/patch/patchDetail.do?patchid=PHCO_34806&sel={hpux:11.00,}&BC=main|search|

With this you WILL be able to use usernames with more than 8 characters, although HP definitely don't recommend it.

Hope this helps...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-11-2008 01:05 AM

‎09-11-2008 01:05 AM

Re: HP-UX v11.3 Trusted mode user length support.

Shalom,

Not entirely correct.

Trusted System was dropped from HP-UX 11.31.

So using trusted system product to support this is not going to work as this is obsolete and like NIS+ been dropped from 11.31

You can make HP-UX support user names larger than 8 characters.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=StdModSecExt

But this creates interoperability problems with older HP-UX systems and simply should not be done unless you plan to have a pure 11.31 environment.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Dr. Zoidberg
Occasional Advisor

‎09-12-2008 01:35 PM

‎09-12-2008 01:35 PM

Re: HP-UX v11.3 Trusted mode user length support.


Where are the documents that acknowledge such claims ? "Trusted system support droped from v11.3" ? I would need those to show the big wigs over here.

Anybody else has any good leads for proper docs on the subject ? I am looking at white papers and direct documents from HP that will show/let me know that the new version (v11.3) will be able to run in trusted mode environment, and what is the maximum length of a username in such environment.

So far, I have the following docs directly from HP:

HP-UX v11.3 long username reference: http://docs.hp.com/en/5991-6469/ch05s46.html
HP-UX Trusted System reference: http://docs.hp.com/en/B2355-90121/ch01s02.html

However I do not have the why this is so.

Dr. Z.
0 Kudos
Reply
Tim Nelson
Honored Contributor

‎09-12-2008 01:44 PM

‎09-12-2008 01:44 PM

Re: HP-UX v11.3 Trusted mode user length support.

Search the 11.31 release notes for the word trusted. Many hits...

http://www.docs.hp.com/en/oshpux11iv3.html#Release%20Notes


0 Kudos
Reply
Dr. Zoidberg
Occasional Advisor

‎09-12-2008 02:08 PM

‎09-12-2008 02:08 PM

Re: HP-UX v11.3 Trusted mode user length support.


Tim.

That's the same info that I have in my reference URLs, and that's also why I started this thread, to try to get specific reasons, or docs for why this is so.

The fact of the matter is this:

New: Long Username / Groupname: Current limit enhanced from 8 to 255 bytes. By default 8 is still the limit. With an enabler this limit can be enhanced to 255. Once enabled, cannot be disabled in the future. Not supported for trusted systems.

Since I am running right now in trusted mode with v11.1, then an upgrade to v11.3 will not allow me to use long names, since it is not supported, and I just want to know why this is so.

Anybody else ?

Anyone from inside HP with proper expertise in this particular subject matter ?

Dr. Z.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-12-2008 06:54 PM

‎09-12-2008 06:54 PM

Re: HP-UX v11.3 Trusted mode user length support.

> reasons of why this is so.

This is a classic (30 year) limitation of Unix systems although some vendors have stretched the limitation including HP-UX. However, you can definitely count on many applications to break, databases in particular and many commercial products.

You see, the problem is that the field size was defined a long time ago (prehistoric times some might say). The username is not just an entry in /etc/passwd but is displayed in many support programs such as SAM and found in thousands of utilities and freeware. You can report to your management that trying to jam-fit Windows standards into Unix, Mac and mainframes will generate very high support costs. Just as special characters in passwords can create problems in virtually every operating system, the CTO and IT managers need to realize that tools like Active Directory and LDAP that tie systems together will only be successful when the lowest common denominator becomes the standard.

As far as documentation, point to the man page for passwd(4) (hint: man 4 passwd and look at the Warnings section at the end). In 11.23 and earlier, the limit is 8 with the appropriate warning: "Results are unpredictable if these fields are longer than the limits specified above." Now do the same thing for various flavors (and versions) of Linux, Solaris, AIX, etc... Then check the docs for your mainframes...


Bill Hassell, sysadmin
0 Kudos
Reply
Dr. Zoidberg
Occasional Advisor

‎09-15-2008 03:49 PM

‎09-15-2008 03:49 PM

Re: HP-UX v11.3 Trusted mode user length support.


Bill.

Thanks for your reply.

I was afraid of this, and so now I have to make the big wigs understand why this is so. However I wanted to provide them with some docs to show them that I am not pulling this from thin air, or that I am not BSing them.

Sometimes they tend to get defensive when they do not understand why something as simple as the username length can cause so many sync problems with the whole IT structure, and since we have HP-UX, Solaris, Linux, and Microcrap in site, then things get more complicated when trying to play nice with everyone.

Nevermind about updating from 11.1 to 11.3, since it would be a full re-install of the OS in order to accomodate the new SAN and all the different device names, on top of everything else.

Anyway, thanks again.

Dr. Z.

----
Microsoft is a cross between the Borg and the Ferengi. Unfortunately they use the Borg to do their marketing and the Ferengi to do their programming.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.