12 April,16 at 11:02 AM
Problem:
Logging in over SSH (stock or Centrify OpenSSH) from an HP-UX machine with a username longer than 8 characters fails: SSH closes the connection. su works fine. If the username is 8 characters or fewer, SSH works fine.
Cause:
HP-UX imposes a maximum username length of 8 characters, whether it is running in Trusted or non-Trusted mode.
Workaround:
In non-Trusted mode, it is possible to work around this restriction by adding a file to the /etc/default directory, as described in the HP KB PCHO-23218, i.e.
/etc/default/I_ACCEPT_RESPONSIBILITY_FOR_BYPASSING_SECURITY_CHECKS
Additional notes (from HP forum sites): There is an eight character limit on user logins on HP-UX 11.0, however there is a patch from HP that you can install on your system to address this issue. This is patch PHCO_21833. Centrify will not provide or take any responsibility if this patch causes other issues. The PAM libraries intentionally reject login names which are longer than 8 characters. This behavior is changed from 10.20. Some customers may want a way to bypass this restriction. Below is the resolution.
Resolution:
libpam_unix.1 now checks for the existence of a file in the "/etc/default" directory called:
"I_ACCEPT_RESPONSIBILITY_FOR_BYPASSING_SECURITY_CHECKS".
If this file exists, then login names longer than 8 characters can be added to the zone, and those users can then log in. Note the following restrictions:
1) HP has never claimed that HP-UX supports user names longer than 8 characters, and does not recommend that customers bypass the existing length checks. Doing so may cause functional and/or security problems.
2) This patch does not remove the existing user name length checks from other commands - e.g. pwck(1m), sam(1m), useradd(1m).
3) Do not enable long usernames on trusted system configurations.
4) Check whether the long user and group name feature is enabled (please refer to KB-2047: HP-UX - Login/SSH fails with user names longer than 8 characters for details).
The link below also explains the limitation.
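An added example (not from HP or Centrify) of auditing a host for this workaround: a POSIX shell script that lists login names longer than 8 characters in a passwd-format file and reports whether the bypass file is present in the defaults directory. The function names, status strings and sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a host for the long-login-name bypass described above.
MARKER=I_ACCEPT_RESPONSIBILITY_FOR_BYPASSING_SECURITY_CHECKS
MAX_LEN=8   # HP-UX login name limit stated in this article

# Print each login name in a passwd-format file that is longer than MAX_LEN.
long_names() {
    awk -F: -v max="$MAX_LEN" '
        $1 == "" || /^[#+-]/ { next }   # skip blanks, comments, NIS +/- entries
        length($1) > max     { print $1 }
    ' "$1"
}

# Succeed if the bypass marker file exists in the given directory.
bypass_enabled() {
    [ -e "$1/$MARKER" ]
}

# Classify the host: args are a passwd-format file and the defaults directory.
# The status strings are hypothetical labels, not output of any HP-UX tool.
audit() {
    names=$(long_names "$1")
    if bypass_enabled "$2"; then
        if [ -n "$names" ]; then echo "BYPASS_IN_USE"; else echo "BYPASS_SET_BUT_UNUSED"; fi
    else
        if [ -n "$names" ]; then echo "LONG_NAMES_WILL_BE_REJECTED"; else echo "OK"; fi
    fi
}

# Constructed sample data (not from a real system) so the script runs anywhere.
work="${TMPDIR:-/tmp}/longname_audit.$$"
mkdir -p "$work/default"
cat > "$work/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
jsmith:*:1001:20:J Smith:/home/jsmith:/usr/bin/sh
christopher.lee:*:1002:20:C Lee:/home/clee:/usr/bin/sh
+::::::
EOF
echo "long names:    $(long_names "$work/passwd")"
echo "before marker: $(audit "$work/passwd" "$work/default")"
: > "$work/default/$MARKER"
echo "after marker:  $(audit "$work/passwd" "$work/default")"
rm -rf "$work"
```

On a real host the arguments would be /etc/passwd and /etc/default; a BYPASS_SET_BUT_UNUSED result means the length check is disabled with no account that needs it.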
http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01096261&cc=us&dlc=en&lc=en&jumpid=reg_R1002_USEN
Centrify Corporation does not take any responsibility for the content or availability of this link, which is provided as a courtesy. Customers should contact the vendor if there are any further questions.