Date:      Mon, 27 Dec 1999 18:45:18 +0100 (CET)
From:      "Kurt Jaeger" <pi@complx.LF.net>
To:        phantom@cris.net (Alexey Zelkin)
Cc:        freebsd-bugs@FreeBSD.ORG
Subject:   Re: misc/13152: systemwide username too short (currently 16 char, should be 64 or so)
Message-ID:  <m122eCs-000zwBC@complx.LF.net>
In-Reply-To: <19991223015153.C19952@scorpion.crimea.ua> from "Alexey Zelkin" at Dec 23, 1999 01:51:53 AM

Hi!

> > > Synopsis: systemwide username too short (currently 16 char, should be 64 or so)

> > > You did not provide any real example. My experience has shown that 16 chars is *really*
> > > enough. Anyway aliases(5) is your friend.

> > My goal is it to set up a system that allows user-allocated (!) usernames
> > for many different domains on one physical system.

> > For this to work, I set up a scheme that allows something like

> > 	user+domain
> > 
> > as username.

> Are you sure that it's impossible to do with NIS ?

It might be technically possible, but not very convenient and, from what
I know about RPC programming etc, not very reliable and not very
secure.

In the past, we have seen so many attacks on portmapper && friends
that I'd prefer not to run any RPC-enabled services.

> > With the 16 chars limit, this fails very soon for domains longer than
> > a few characters.

> > This was the reason I asked for 64 chars.

> Hmm... Don't you think that it should be *great* overhead in standalone
> installation (proc, [uw]tmp, etc. etc. etc.) ? 

I checked those files before making my suggestion and found out
that it would take a bit more diskspace.

With diskspace becoming almost commodity, that seemed to be a fair
deal.

It indeed would make the output of many tools pretty inconvenient
(w, ps ax, ls etc), but as "ls" today already adapts to the maxlength
of the username in the current directory, it seems acceptable, while not
easy.

It might break some FTP "dir" parser, I'm aware of this.

> > Aliases are nice for single/few-domain setups, not for systems with
> > >>1000 domains on one system. Reason: collisions when selecting
> > the "local" part of an account.

> > I still think this should be part of Fbsd.

> It's part of FreeBSD. It's possible to define user name length as long as you
> need, but it's not needed by everyone.

The problem is that this part kills binary compatibility.
If one changes one system, binaries from that system will no longer
run on "small-username" systems and the other way round.

Which causes lots of interoperability issues and forces a recompile of all
applications. With apache and many more applications etc. this
causes terrible headaches.

I checked other systems. Some had the same limit or a smaller limit as
the current 16 chars. Linux has 32 chars (which breaks btw apache
which uses a hardcoded value around 25).

So, basically, the divergence in the unix area about UT_NAMESIZE
has already posed some open questions, so we can do it right this time ?

Or, maybe I should really forget about this. But then: What solutions
are in common use for large installations with ten+ systems for
user/password synchronisation with many different services (POP, PPP,
FTP access, HTTP, maybe some SSH access, and others) ?

-- 
MfG/Best regards, Kurt Jaeger                                  21 years to go !
LF.net GmbH        pi@LF.net            Oberon.net GmbH   pi@oberon.net
Vor dem Lauch 23   fon +49 711 90074-23 Friedrich-Ebert-Str.1
D-70567 Stuttgart  fax +49 711 7289041  40210 Duesseldorf fon +49 211 179253-11
For Redmond: "nuke the site from orbit -- it's the only way to be sure."
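
The binary-compatibility problem raised in the message above, as an added example that is not part of the original e-mail: a fixed-width login-record file written with a 64-byte name field and then read by a program compiled for 16 bytes. The field widths, sample names and function names are assumptions chosen for illustration, modelled on a utmp-style record.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field widths, modelled on a classic BSD utmp-style record. */
enum { LINESZ = 8, HOSTSZ = 16, TIMESZ = 4, NARROW = 16, WIDE = 64 };
static size_t rec_size(size_t namesz) { return LINESZ + namesz + HOSTSZ + TIMESZ; }

/* Length of s, capped at max: the fields are not NUL-terminated when full. */
static size_t blen(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n]) n++;
    return n;
}

/* Append one zero-padded record built with name width namesz; returns new offset. */
static size_t put_rec(unsigned char *buf, size_t off, size_t namesz,
                      const char *line, const char *name, const char *host) {
    unsigned char *p = buf + off;
    memset(p, 0, rec_size(namesz));
    memcpy(p, line, blen(line, LINESZ));
    memcpy(p + LINESZ, name, blen(name, namesz));
    memcpy(p + LINESZ + namesz, host, blen(host, HOSTSZ));
    return off + rec_size(namesz);
}

/* Name of record idx as a reader built with width namesz sees it; out needs namesz + 1 bytes. */
static int get_name(const unsigned char *buf, size_t len, size_t namesz,
                    size_t idx, char *out) {
    size_t off = idx * rec_size(namesz);
    if (off + rec_size(namesz) > len) return -1;  /* past the last whole record */
    memcpy(out, buf + off + LINESZ, namesz);       /* bounded copy of the raw field */
    out[namesz] = '\0';                            /* the field itself may lack a NUL */
    return 0;
}

/* Constructed sample: two logins written by a "64-char username" system. */
static size_t build_sample(unsigned char *buf) {
    size_t n = put_rec(buf, 0, WIDE, "ttyp0", "alice+example-hosting.test", "192.0.2.10");
    return put_rec(buf, n, WIDE, "ttyp1", "bob+another-customer-domain.test", "192.0.2.11");
}

int main(void) {
    unsigned char buf[256];
    char out[WIDE + 1];
    size_t len = build_sample(buf), i;
    for (i = 0; get_name(buf, len, WIDE, i, out) == 0; i++) printf("wide   %zu: \"%s\"\n", i, out);
    for (i = 0; get_name(buf, len, NARROW, i, out) == 0; i++) printf("narrow %zu: \"%s\"\n", i, out);
    return 0;
}
```

The 16-byte reader finds four records in a file that holds two: the first name is cut to 16 characters and the rest are empty or fragments of neighbouring fields, which is why every consumer of such records has to be rebuilt together with the constant.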

