All versions of Centrify DirectControl on AIX 5.3 and above.
User failed to login with username more than 8 characters and have the following password prompt:
Also lsgroup (but not adquery group) will fail if the user belongs to a group and the group is more than 8 character long.
You may find the following entry in /var/log/centrifydc.log when debug mode is on
Jun 9 13:42:11 ttntsmisc1 auth|security:debug adclient: DEBUG <fd:16 sshd(2949150)> -> centrifydc2_getpwnam user="NOTALLOWEDUSER"
Failed to set process credentials
When specifying Unix user names for AIX users, you should limit the user name and group name to a maximum of 8 characters.
On new version of os such as AIX 5.3 and above it is possible to have more than 8 characters for Unix user names and group names. Here is the command to check on the setting:
# lsattr -El sys0 -a max_logname
Here is the command to change the setting. Please note that in this example we have the limit for the Unix user names to 125 characters:
# chdev -l sys0 -a max_logname=’125’
The system will need to be rebooted after making this change as its a Kernel parameter.
Note: This is not a Centrify issue but a limitation of OS. The below link (was provided as a courtesy only).