HPE Community
Operating System - HP-UX
1833695 Members
3628 Online
110062 Solutions
New Discussion

Max userid lenght

 
SOLVED
Go to solution
Tommy_6
Regular Advisor

‎12-17-2002 12:59 PM

‎12-17-2002 12:59 PM

Max userid lenght

Hi everyone
I'm trying to add a couple of users to our system, but they require a userid longer than 8 characters. The useradd command returns an error saying the login is invalid. SAM will not allow you to enter anything over 8 characters. Does anyone know of a way to generate a userid over 8 characters?

Thanks,
Tommy
0 Kudos
Reply
12 REPLIES 12
Pete Randall
Outstanding Contributor

‎12-17-2002 01:24 PM

‎12-17-2002 01:24 PM

Re: Max userid lenght

Tommy,

I'm not sure you can have ID's more than 8 characters but you could try manually editing /etc/passwd - leave the password field blank then use the passwd command to set it afterwards.

Pete

Pete
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-17-2002 01:28 PM

‎12-17-2002 01:28 PM

Re: Max userid lenght

You didn't bother to mention what OS version you are running but if you are running 11.0, PHCO_26089 will 'correct' your 'problem'. Look at the equivalent patches section for other OS releases. Having said this, I strongly urge you not to do this but rather use an abbreviated form of their names to limit it to 8 characters. There is a very good chance that your are going to break applications that make assumptions about the length of the pw_name field. The limit of 8 has been in place since the antiquity of UNIX and you should only consider violating this taboo only you have a very compelling reason and understand the consequences of your actions.

If it ain't broke, I can fix that.
Reply
Patrick Wallek
Honored Contributor

‎12-17-2002 01:32 PM

‎12-17-2002 01:32 PM

Re: Max userid lenght

If you do a 'man 4 passwd' to look at the layout of the passwd file, you will find down in the document the following:

"The following fields have character limitations as noted: Login name field can be no longer than 8 characters"
0 Kudos
Reply
John Poff
Honored Contributor

‎12-17-2002 01:32 PM

‎12-17-2002 01:32 PM

Re: Max userid lenght

Hi,

I've done it before when I was messing with Samba, but the accounts I did it with weren't active Unix accounts. I used 'vipw' to get the longer account names. After I figured out how to use the user map file in Samba I got out of doing the long user names.

I agree with Clay. Don't do it unless you absolutely have to. I'm just curious, but why do they require a userid of more than 8 characters?

JP
Reply
Leif Halvarsson_2
Honored Contributor

‎12-17-2002 01:40 PM

‎12-17-2002 01:40 PM

Re: Max userid lenght

Hi,
It is possible to add a user with more then 8 characters manualy (to the passwd and group file) but it seems to be impossible to login with this user ( but it is possible to do a "su" ). In short, a user name can have more then 8 characters but login can't handle such users).
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-17-2002 01:43 PM

‎12-17-2002 01:43 PM

Re: Max userid lenght

If you can't go more than 8 characters, how do you accept LDAP users on an HP box.

I've seen setups that hp education did with user names like mine, investmenttool@speakeasy.net

How does that work?

Steve
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎12-17-2002 01:50 PM

‎12-17-2002 01:50 PM

Re: Max userid lenght

That's part of what the patch I mentioned does. It includes a patch for libpam but it also includes some rather strong warnings.
If it ain't broke, I can fix that.
0 Kudos
Reply
Tommy_6
Regular Advisor

‎12-17-2002 02:01 PM

‎12-17-2002 02:01 PM

Re: Max userid lenght

Thanks for all the help, forgot to mention i'm runnning 11.0. I'm thinking about using the PHCO_26089 patch. Does anyone have any experience with this patch or know of any particular problems by going this route?

Thanks again,
Tommy
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-17-2002 03:09 PM

‎12-17-2002 03:09 PM

Re: Max userid lenght

Take it from me, you DON'T want to turn on long login names. You have to create a file with a name that says you fully understand that this is not supported and will have unexpected consequences.

The problem is that anyone that tries to jam-fit one unrelated operating system into another is doomed to a life of sysadmin troubleshooting. The 8-char limit has been around for a very long time (a couple of decades) and there are so many commands and applications that depend on 8-or-less that you'll spend most of your time trying to figure out a workaround.

So most of HP-UX will probably work, but then there's those pesky applications like Oracle and Sybase and SAP and Broadvision and PeopleSoft and so on... Each one may have a dependency that you don't know about.


Bill Hassell, sysadmin
Reply
doug hosking
Esteemed Contributor

‎12-19-2002 07:38 AM

‎12-19-2002 07:38 AM

Solution

Re: Max userid lenght

The doc file for the previously referenced patch has useful information about some of the pitfalls. One of them is that even with the patch, trusted mode will NOT support user names more than 8 characters in length. The internal data structures simply don't have enough space, no matter how many override options you enable. Trying to bypass the
existing limit checks is like playing with fire. It looks fun for a while, but eventually you are very likely to be badly burned. Silent data corruption, security holes
from buffer overflows and functional problems are all very real possibilities if you bypass the limit checks.

As the author of the original patch, I very, very, very strongly urge you NOT to try to bypass this limit. The patch was created under protest, to address the needs of one very specific customer with very limited
dependencies on applications. The patch does not, can not and never will add real support for long user names. It simply disables some sanity checks that were originally added to force users to notice that they had exceeded a system limit.

HP is very much aware of the desires of our customers to raise this limit, and hopes to properly address the issue in a future release of HP-UX. If it were simple to do, we would have patched it long ago. Unfortunately, 30+ years of UNIX history and some less than perfectly specified APIs make it a lot harder than it first appears to really increase this limit, especially in patches.

It's worth noting that HP-UX isn't the only flavor of UNIX that has this limit, despite what the vendor documentation sometimes states or implies. It's not my goal to bash our competitors, but I'll say that it only took me a few minutes to find very serious functional bugs in some other UNIX variants that APPEARED to allow long user names.

For security, compatibility, interoperability, data integrity and other reasons, I strongly urge you to think very carefully about the risks inherent in bypassing these limits. The checks and warning messages exist for very good reasons. Bypass them at your own risk.
Reply
W.C. Epperson
Trusted Contributor

‎12-19-2002 09:26 AM

‎12-19-2002 09:26 AM

Re: Max userid lenght

Bill and Doug are giving excellent advice. But sometimes you gotta do stuff you know could cause problems.

I've dodged some of the problems with other Unixes in the past by using dual /etc/passwd entries. Most of the problems caused by long names appear to be from applications calling getpwnam and getting back a longer pw_name than expected. If you put in two passwd entries for the uid, with the first one having a legal name, you'll dodge many of these problems. E.G.
imshort:r9x4sgrzLHzKs:250:27:Some Person,MIS,804/555-1212,:/u01/u/imshort:/usr/bin/ksh
imtoolong:r9x4sgrzLHzKs:250:27:Some Person,MIS,804/555-1212,:/u01/u/imshort:/usr/bin/ksh
The user will be able to authenticate as "imtoolong", but will be seen as "imshort" by most processes. But if it works in your context, you've "gotten away" with it, rather than "fixing" it. YMMV. Won't work on Trusted System or NIS. Don't run with scissors.
"I have great faith in fools; self-confidence, my friends call it." --Poe
0 Kudos
Reply
Tommy_6
Regular Advisor

‎12-20-2002 07:02 AM

‎12-20-2002 07:02 AM

Re: Max userid lenght

I want to thank everyone for the help on this subject. You should all give yourself an applause. After reading everyone advise, we're going to stick with login id under 8 characters.

Thanks again!!!!

Tommy
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.