Bug 79022 - Problem in krb5_kuserok library call for long usernames
Problem in krb5_kuserok library call for long usernames
Product: Red Hat Linux
Classification: Retired
Component: krb5 (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2002-12-04 11:53 EST by Keith Milligan
Modified: 2007-04-18 12:48 EDT (History)
1 user (show)

See Also:
Fixed In Version: krb5-1.2.7-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-07 15:09:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Keith Milligan 2002-12-04 11:53:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830

Description of problem:
Verification of long userids will fail for any program that calls krb5_kuserok
(which includes newer versions of pam_krb5 and openssh).  This is due to a
define in kuserok.c that limits accounts to 9 characters.  I e-mailed the
Kerberos mailing list about this and they responded that increasing this limit
was a reasonable thing to do.  I'm including a patch for this as additional

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Enable Kerberos logins for the system
2. Create an account with a username of >= 10 characters
3. Try to log in

Actual Results:  The account no longer functions when Kerberized.

Additional info:

--- src/lib/krb5/os/kuserok.c   2000-04-28 22:33:58.000000000 -0400
+++ src/lib/krb5/os/kuserok.c.mod       2002-12-04 11:16:11.000000000 -0500
@@ -38,7 +38,7 @@
 #define getpwnam(user) getpwnam((char *)user)

-#define MAX_USERNAME 10
+#define MAX_USERNAME 64

  * Given a Kerberos principal "principal", and a local username "luser",
Comment 1 Bill Nottingham 2006-08-07 14:54:39 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux on will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 2 Nalin Dahyabhai 2006-08-07 15:09:25 EDT
This was fixed somewhere between krb5 1.2.2 and 1.2.7.  Closing.

Note You need to log in before you can comment on or make changes to this bug.