Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-0346: HP-UX - Login/SSH fails/closes connection with user names longer than 8 characters

Authentication Service ,  

12 April,16 at 11:02 AM


Logging in using SSH (stock or Centrify OpenSSH) from a HP-UX machine with a username more than 8 characters fails. SSH closes connection. su works fine. If the username is 8 characters or less,  SSH works fine.


HP-UX has imposed username restriction of maximum 8 characters running in either Trusted or non-Trusted mode.


In the case of non-Trusted Mode, it is possible to work around this feature by adding a file to the /etc/default directory, as described in the HP KB PCHO-23218, i.e.


Additional notes (from HP forum sites): There is an eight character limit on user logins on HP-UX 11.0, however there is a patch from HP that you can install on your system to  address this issue. This is patch PHCO_21833.  Centrify will not provide or take any responsibility if this patch causes other issues. The PAM libraries intentionally reject login names which are longer than 8 characters. This behavior is changed from 10.20. Some customers may want a way to bypass this restriction. Below is the resolution.


libpam_unix.1 now checks for the existence of a file in the "/etc/default" directory called:


If this file exists, then login names longer than 8 characters can be added to the zone, and then those users can login. Note the following restrictions:

1) HP has never claimed that HP-UX supports user names longer than 8 characters, and does not recommend that customers bypass the existing length checks. Doing  so may cause functional and/or security problems.

2) This patch does not remove the existing user name length checks from other commands - e.g. pwck(1m), sam(1m), useradd(1m).

3) Do not enable long usernames on trusted system configurations.

4) Check if long user and group name feature enabled or not (please refer to KB-2047: HP-UX - Login/SSH fails with user names longer than 8 characters for details)

The below link explains the limitation as well.

Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy.  Customers should contact the vendor if there are any further questions