Roland, The responses I gave were based on the passwd(4) man page as a reference. Is this inappropriate or is the man page wrong?
Roland Mainz wrote: > Niall Power wrote: > >> Roland Mainz wrote: >> >>> Niall Power wrote: >>> >>>> While I essentially agree with Roland, the GUI shouldn't be doing any of >>>> the login name validation to begin with. The orchestrator should be doing >>>> the necessary validation and informing the GUI of whether the login name >>>> is valid or not, much like PAM currently does for password management. >>>> >>>> In this case, looking at passwd(4) manpage, it states: >>>> "The login (login) and role (role) fields >>>> accept a string of no more than eight bytes >>>> consisting of characters....." >>>> So counting in bytes looks appropriate to me. >>>> >>> I strongly disagree. >>> >> What specifically are you disagreeing with? >> > > I disagree that the limit should be counted in bytes... and technically > the limit (if you want to count in bytes) should be 32bytes as set by > the extended accounting project (which was AFAIK added in Solaris 8). > > >>> Other Unix versions and Linux evolved to a point >>> where they accept multibyte characters as input and when you need >>> interoperabilty with Windows (where you can use (a subset, e.g. not >>> special charcters like '\' etc.) Unicode characters for login names) >>> then you're ending up either with complex account name mapping, >>> automatic transliteration (which is insecure) or just support non-ASCII >>> login names (and right now I'm really in the mood to fight up to a point >>> of making an ARC case... grrr... :-) ). >>> >> I'm not disagreeing with anything you say in principal, but I don't see >> how it's >> relevant to this code review. >> > > Well, the code tries to add an artifical limit and then (IMO) even does > the measurement wrong... ;-( > It doesn't seem very artificial to the person who reported this bug :-/ To the best of my knowledge, the installer adds the user account using the useradd command. According to the useradd man page: useradd requires that usernames be in the format described in passwd(4). A warning message is displayed if these res- trictions are not met. See passwd(4) for the requirements for usernames. According to the passwd(4) man page: The login (login) and role (role) fields accept a string of no more than eight bytes consisting of characters from the set of alphabetic characters, numeric characters, >> We're bound by the limitations of what >> OpenSolaris supports >> now >> > > Erm... the current OpenSolaris codebase has no (big) problems with > multibyte login names... however this patch would create a _new_ problem > ... > # useradd -d /export/home/reallylongname reallylongname UX: useradd: reallylongname name too long. # useradd -d /export/home/reallylongname ??? UX: useradd: ERROR: ??? is not a valid login name. Choose another. Thanks, Niall. >> and it's not within our scope to fix those limitations. This goes >> way beyond the scope of the installer. >> > > If the installer prevents people from using multibyte login names how > should the remaining problems be found&&fixed ? > > ---- > > Bye, > Roland > >
