Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-0206: Cannot set process credentials when logging with long username or using long group names

Centrify DirectControl ,  

12 April,16 at 11:11 AM

Applies to: 
All versions of Centrify DirectControl on AIX 5.3 and above.
User failed to login with username more than 8 characters and have the following password prompt:
Also lsgroup (but not adquery group) will fail if the user belongs to a group and the group is more than 8 character long.
You may find the following entry in /var/log/centrifydc.log when debug mode is on
Jun 9 13:42:11 ttntsmisc1 auth|security:debug adclient[2687096]: DEBUG <fd:16 sshd(2949150)> -> centrifydc2_getpwnam user="NOTALLOWEDUSER"
Failed to set process credentials
When specifying Unix user names for AIX users, you should limit the user name and group name to a maximum of 8 characters.
On new version of os such as AIX 5.3 and above it is possible to have more than 8 characters for Unix user names and group names.  Here is the command to check on the setting:
# lsattr -El sys0 -a max_logname
Here is the command to change the setting.  Please note that in this example  we have the limit for the Unix user names to 125 characters:
# chdev -l sys0 -a max_logname=’125’
The system will need to be rebooted after making this change as its a Kernel parameter.
Note: This is not a Centrify issue but a limitation of OS. The below link (was provided as a courtesy only).

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.