On Tue, 7 Feb 2012 09:09:09 -0500 (EST) Eric Sturdivant <[email protected]> wrote:
> I am getting errors trying to create PTS users with a name > 50 > characters, is this the limit? (PR_MAXNAMELEN seems to be 64) In all 1.4 releases of OpenAFS and earlier, the ptserver not only checks if the given username is short enough, but also if "username@cell" is short enough. Presumably your cell name (or associated realm name? I forget) is in the vicinity of 14 characters long. This check is done because if you want to be able to authenticate to foreign realms as a foreign user, you (or some tool like aklog) must create a username <user>@<local.cell> in the foreign cell ptdb. So, the username needs to be short enough such that such a user can be created in the future. It was discussed some time in 2010 that this check is unnecessarily restrictive, and was removed (there was some discussion on the mailing list or maybe jabber... I can't find it now). In 1.6 releases of OpenAFS and beyond, as well as any future non-security 1.4 releases if they ever get done, the ptserver will not take the local cell name into account when doing that length check. In the meantime, if you need to create users with names that long... there might be a way to fiddle with the cell name to force it or something. Or you can apply this patch: <http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=f42d59338d6f9df04c48e4b4fa08456b38ca4e4d> -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
