# Username length 16



## amilojko (Dec 6, 2011)

I know this has been discussed to the n(th) degree but I am wondering if FreeBSD project has plans to increase the number of characters in a username to 60+ in future releases. Or am I going to start using other OS? After using FreeBSD for over a decade I hate to have DOS 8.3 character limits sort of thing. I don't want to rebuild the world either.

Any light on this?

Thanks!


----------



## fonz (Dec 7, 2011)

amilojko said:
			
		

> plans to increase the number of characters in a username to 60+


Why in the name of [_insert favourite deity/celebrity/scientist here_] would you want that? :q You do know that there's a Gecos field, right?



			
				amilojko said:
			
		

> Or am I going to start using other OS.


That is of course your choice. Somehow I feel strangely *un*affected. :e



			
				amilojko said:
			
		

> After using FreeBSD for over a decade
> [snip]
> I don't want to rebuild the world either.


If you've been using FreeBSD that long you ought to know that wanting something that nobody else wants but not wanting to do anything for it doesn't usually produce much result.

Besides, there might be more to it than just FreeBSD itself. Userland applications often have parameters like these hardcoded and when they do, the size is highly unlikely to be as long as that. In other words: there probably won't be many applications that can (correctly) handle such outrageously long usernames.

Fonz


----------



## amilojko (Dec 7, 2011)

Hi there,

Thanks for your reply. I am hardly the only one wanting this feature. 60 + characters is just looking into the future. Something around 30/40 would be competitive right now. It would make FreeBSD much better option for web hosting servers. It would be nice to use FreeBSD for everything. Plus other popular systems don't have that limit. Imagine being able to log into your server with your email address. Well, I'll just have to put my tail between my legs and use CentOS.


----------



## fluca1978 (Dec 7, 2011)

amilojko said:
			
		

> Imagine being able to log into your server with your email address.



I don't think I will never login into one of my server typing so much characters....
Besides this, a lot of application nowdays use a database backend for accounting, so there is no particular need I can see in having so much long usernames.


----------



## funky (Dec 7, 2011)

See adduser(8), so it is possible, but


			
				amilojko said:
			
		

> I don't want to rebuild the world either.


So, maybe the given alternative helps, from the man page 
	
	



```
"... you can define an alias in /etc/mail/aliases."
```
 Maybe this meets your requirements.


----------



## kpa (Dec 7, 2011)

Those are email aliases for the MTA in the system, not for login.


----------



## SirDice (Dec 7, 2011)

I'm not sure what the maximum username length is but have you considered using LDAP?


----------



## funky (Dec 7, 2011)

kpa said:
			
		

> Those are email aliases for the MTA in the system, not for login.


Oh, I was just blindly citing (and probably misinterpreting) the man page, sorry.

A quick "greping" through the source of FreeBSD 9.0 revealed:

```
int UT_NAMESIZE = sizeof(utmp.ut_user)
```


```
char ut_user[32];
```

however the ut_user is in the utmpx struct defined in utmpx.h and not in utmp.h (which actually can not be found in the source), so I am not sure.


----------



## gkontos (Dec 7, 2011)

What he is asking might sound strange and funny to most of us. However, when it comes to control panels sometimes it is a must.


----------



## fluca1978 (Dec 7, 2011)

gkontos said:
			
		

> What he is asking might sound strange and funny to most of us. However, when it comes to control panels sometimes it is a must.



Are you referring to some FreeBSD specific control panel or to an application based one? because the latter can use any authentication system is required, even an ad-hoc one.


----------



## gkontos (Dec 7, 2011)

fluca1978 said:
			
		

> Are you referring to some FreeBSD specific control panel or to an application based one? because the latter can use any authentication system is required, even an ad-hoc one.



No, I am referring to control panels like CPANEL, WHM, VIRTUALMIN, etc. The majority of control panels that I have seen require long usernames for setting up virtual email accounts. 

I don't like this technique for setting up email accounts. I prefer to keep all my users to a database, separated from OS accounts. That's the way I have done it but in order to make it work I had to improvise a lot !

Regards


----------



## amilojko (Dec 8, 2011)

gkontos said:
			
		

> What he is asking might sound strange and funny to most of us. However, when it comes to control panels sometimes it is a must.



Bingo! This is the meat and potatoes. Nobody today uses Unix to login via serial terminal Wyse60 or something and do email. Or is there?!
Time is money and sometimes you have to deploy quickly. CentOS can be ready to rock in 2 hours flat. No experience necessary. FreeBSD in 24-48. Trust me, inexperienced user will always win. There are a lot more of them.

Even adduser says it's 16 characters for historical reasons. Well, lets get on with it and move to the 21 century. CentOS guys and their "upstream" are galloping forward. I hate to rub this in, sorry.


----------



## funky (Dec 8, 2011)

amilojko said:
			
		

> [snip]
> Trust me, ...
> [snip]


No, I don't.

Additional hints about the actual problem: There is also a #define MAXLOGNAME 17 in sys/sys/param.h which defines the maximum login name length. I think this has to be altered in conjunction with the UT_NAMESIZE variable.


----------



## gkontos (Dec 9, 2011)

amilojko said:
			
		

> CentOS can be ready to rock in 2 hours flat. No experience necessary.
> FreeBSD in 24-48.
> Trust me, inexperienced user will always win. There are a lot more of them.



No experience necessary, just a few clicks and you are done. Who cares if bluetooth and a bunch of useless, sometimes dangerous, services are activated on a server by default ? 

Inexperienced users don't win. They just cost less to hire them. Sometimes they end up costing a fortune when their inexperience has caused a small disaster.   



			
				amilojko said:
			
		

> CentOS guys and their "upstream" are galloping forward.
> I hate to rub this in, sorry.



Their "upstream" is galloping but I wouldn't be so sure for the CentOS folks.


----------



## amilojko (Dec 27, 2011)

Well lookst like FreeBSD 9 will still have username limit 16


----------



## fluca1978 (Dec 28, 2011)

Is there any concrete software/service that requires usernames longer than those FreeBSD provides? I guess this could be the only requirement to convince developers to increase the length, but we need a software listing here. This is my thought.


----------



## Sebulon (Dec 28, 2011)

I set up our FBSD FreeBSD servers to authenticate towards our Active Directory using the winbind module and when some of our technicians was using their purpose-made _ad-storage-accounts_ (19 chars) to log in via ssh, they where just met by a cryptic error message. After spending some time at teh goog, this was obviously the problem we faced. The solution we applied was to shorten the login names for those accounts, but if FBSD FreeBSD were to bump the max chars up to, letÂ´s say, 32, we would never have had that problem in the first place.

Bottom line, if there arenÂ´t any real downsides to it, then why not?

/Sebulon


----------



## amilojko (Dec 29, 2011)

fluca1978 said:
			
		

> Is there any concrete software/service that requires usernames longer than those FreeBSD provides? I guess this could be the only requirement to convince developers to increase the length, but we need a software listing here. This is my thought.



@fluca1978

Yes, Webmin/Virtualmin. But really any service needs it if you want to support virtual accounts with names that mean" something. I patched my system to support 64 characters and haven't run into trouble yet. I don't like "patchwork" though. Isn't it convincing enough that other systems have much longer limits? Isn't it convincing that the reason it is still 16 is "historical".

I agree with Sebulon too. You got a stay competitive. There are two facts that I will mention. I installed CentOS on a server in 2 hours flat ready to do whatever you want. I installed Ubuntu on a laptop to dual boot with Windows using wubi in 1 hour flat.  All hardware works. Didn't move a finger.
:r


----------



## amilojko (Dec 29, 2011)

Our DutchDaemon friend here has time to check spelling. How about trying to convince our friends at FreeBSD to do something about this username limit? What do you say? I'll have a case of Heineken delivered to your door!


----------



## wblock@ (Dec 29, 2011)

amilojko said:
			
		

> Our DutchDaemon friend here has time to check spelling.
> How about trying to convince our friends at FreeBSD to do something about this username limit?



As someone who needs and uses it, you can make a better case for it than he can.  Try freebsd-questions.


----------



## fluca1978 (Dec 29, 2011)

This is just my thought... I usually do not use username so that long in my servers, however I've got usernames long more than 16 chars, but logins are handled via ldap or at the application level. I have to confess I've not tried ldap + FreeBSD for this particular case. If this is true also for FreeBSD, it means that, as already said, long usernames are almost handled by an application layer over the operating system.


----------



## vertexSymphony (Dec 29, 2011)

amilojko said:
			
		

> Our DutchDaemon friend here has time to check spelling.
> How about trying to convince our friends at FreeBSD to do something about this username limit?
> What do you say?
> I'll have a case of Heineken delivered to your door!



Well, DutchDaemon is a moderator ... so that's what he does.
Everyone has his own "department" and you just can't come un-politely asking and telling someone to do whatever YOU NEED (I don't even know if DutchDaemon is a coder and can even make it anyways), specially if you bash an entire OS for such a stupid detail
Honestly, unless you make a good case and submit a proper PR, this is a non-issue ..

As usual: 
1) Stop complaining
2) Patches welcome.

Thank you.


----------



## amilojko (Dec 29, 2011)

vertexSymphony said:
			
		

> Well, DutchDaemon is a moderator ... so that's what he does.
> Everyone has his own "department" and you just can't come un-politely asking and telling someone to do whatever YOU NEED (I don't even know if DutchDaemon is a coder and can even make it anyways), specially if you bash an entire OS for such a stupid detail
> Honestly, unless you make a good case and submit a proper PR, this is a non-issue ..
> 
> ...



I wouldn't say it's a "stupid" detail, I'd say it's a "trivial" detail, but it takes an hour to recompile the source to support longer usernames.
And exactly because it's trivial, it should be done right from the start.

This is done on a fresh system with installed sources:

a)	Change /usr/src/sys/sys/param.h MAXLOGNMAME to 65

```
#define MAXLOGNAME      65
```

b)	Change /usr/src/include/utmp.h UT_NAMESIZE to 64

```
#define UT_NAMESIZE     64
```

c)	Then rebuild world and kernel:

```
cd /usr/src
make -j4 buildworld
make -j4 buildkernel
make installkernel
reboot (donâ€™t have to go into single user mode if done on a fresh system without any services running)
adjkerntz -i
mergemaster -p
cd /usr/src
make installworld
mergemaster
reboot
```
It's in the bible. 
Romans, Chapter 25.7 "Rebuild World"
Sounds biblical.


----------



## amilojko (Dec 29, 2011)

fluca1978 said:
			
		

> This is just my thought... I usually do not use username so that long in my servers, however I've got usernames long more than 16 chars, but logins are handled via ldap or at the application level. I have to confess I've not tried ldap + FreeBSD for this particular case. If this is true also for FreeBSD, it means that, as already said, long usernames are almost handled by an application layer over the operating system.



True fluca1978, one can use LDAP for some things, but if you want a complete system to be uniform and use one user database then you need to have every service support ldap and I'm not sure they all do. This adds another layer of complexity and the fix is fairly simple. 
In some instances LDAP is the solution.


----------



## Crivens (Dec 29, 2011)

amilojko said:
			
		

> I wouldn't say it's a "stupid" detail, I'd say it's a "trivial" detail,
> but it takes an hour to recompile the source to support longer usernames.
> And exactly because it's trivial, it should be done right from the start.


This is only the start. Now you have to prove that you did not open any buffer-overflow holes in the base system where some lazy bum (also known as programmer) has used his own idea of how to get the max user name length. And so you may create a new root hole by buffer overflow.

I do not say that it is so and your changes will do it - but have you at least tried to find out? These changes are simply done and rebuilding everything with it is also done fast. But that is only the start.



			
				amilojko said:
			
		

> ...
> It's in the bible.
> Romans, Chapter 25.7 "Rebuild World"
> Sounds biblical.


Yes, and we can do it with some simple finger movements! :e
But you can also break world as easily, as some of us had the "pleasure" to find out some place along that road. :stud

So if you now have a system up and running with these new limits, please check if something weird happens when running it. If not, why not submit it and feel proud of having done it?
I know I would.


----------



## fonz (Dec 29, 2011)

amilojko said:
			
		

> And exactly because it's trivial, it should be done right from the start.


Right is a subjective term. Your right is someone else's wrong.

You want something that the vast majority doesn't need.
Those who do need it have found ways to make it happen.
But you don't want to do anything for it yourself.
You can't even be arsed to recompile a kernel.
Instead, you insist that others do what you want and change things just because you want something.
And if they don't, you "threaten" to switch to another OS (feel free to do so).

I'm pretty much done with this silly thread. I have better things to do.

Fonz, out


----------



## amilojko (Dec 29, 2011)

fonz said:
			
		

> Right is a subjective term. Your right is someone else's wrong.
> 
> You want something that the vast majority doesn't need.
> Those who do need it have found ways to make it happen.
> ...



Fonz, you are missing the point, which Crivens gets very well.

There are so many dumbasses, like me, who want to have things easy and don't want to do anything and yet have everything. Ok. Because there are OSes out there that will help you help your customers fast people will use them. Which means they won't use FreeBSD, which they should, but they won't because it takes too much time and skill to customize it. When FreeBSD was around, Ubuntu developers were just born, ok. Why do you think Windows is so popular. Because I'm lazy, I'm not that smart and I want to do as little as possible. And I didn't mean "right" as in "correct", I meant it as "from the beginning".


----------



## DutchDaemon (Dec 30, 2011)

When and where has FreeBSD ever expressed the wish that it wants 'dumbasses' to use its OS, or that it wants to be 'popular'? You're entirely free (*Free*BSD) to adjust FreeBSD to your wishes and submit a patch, or to move on to any OS out there that's fit for 'dumbasses' who are 'lazy' (not my words).

In short: nobody's going to do this for you, because no one feels the need to do it. Those who *do* feel the need to do it should do it and submit the changes to developers, who are free to reject them or send them back because the patch breaks twenty-five sub-systems.

Also note that the FreeBSD forums are aimed at end-users and admins, not so much at developers. There's only a hand-full of them active on the forums. The mailing lists would be a better place to address this issue. Be prepared to get roughly the same type of reply though. People with shopping lists and demands usually do.


----------



## Sebulon (Dec 30, 2011)

@Crivens



> This is only the start. Now you have to prove that you did not open any buffer-overflow holes in the base system


Very good point, I didnÂ´t think about that.



> So if you now have a system up and running with these new limits, please check if something weird happens when running it. If not, why not submit it and feel proud of having done it?
> I know I would.


IÂ´m in a mood for adventure, so IÂ´m going to do this to test it out. What is this "wierd" that IÂ´m supposed to look for? Could you come with suggestions on how to best monitor the system after the changes are made?

@Dutch



> Those who *do* feel the need to do it should do it and submit the changes to developers


Could you please give me instructions as how to submit the changes in the "correct proper" fashion. Or point me to where this is explained?
IÂ´m probably not going to start by just blindly submitting a patch, but rather first bring this up for discussion at the mailing lists, but if/when the time comes, it would be nice to know how.

-------------------------

After making these changes, recompiled and installed, I would like everyones ideas on stuff to test to see if the changes made had any negative ramifications that would prove that there is a real reason why NOT to have more than 16 characters, because it brakes the system.

I would like to test as much as possible, then bring it up at the lists saying "16 feels a little cramped nowadays due to longer login names. IÂ´ve already tried recompiling and tested as much I could, and I couldnÂ´t really find any negatives to this. How would you feel about making these changes permanent?" something or other.

IÂ´m gonna start by installing SAMBA and joining to our domain, then try to log in via SSH and local login using a ridiculously long account name. IÂ´m also gonna test adding a local account with a ridiculously long account name using adduser and remove it again with rmuser.

More suggestions, come on now! LetÂ´s make sure to test this the "best" we possibly can!

/Sebulon


----------



## amilojko (Dec 30, 2011)

@ /Sebulon 

I don't think you will have many issues with very long names. I think most programs don't have an issue with it. In this case the OS is the bottleneck. (MySQL has 16 character username limit actually too). This is not a new patch either. People have had to do this for a long time.
But it takes a while to do, an hour or more. Sometimes the rebuild with fail and then you are screwed. You have to spend hours and hours dealing with it.

It would be, in my opinion, easy and very pro-active for the FreeBSD team to make the change and then it would be there permanently. There is a whole list of things I would like to see in FreeBSD but like the DutchDeamon said I better submit something to them. Whining on a user forum is not going to do anything.

Like why does anyone build sendmail and ftpd without SSL support? Should never be done. (unless its a anonymous FTP). Those are little twinkie things that make admins' lives much easier and are not hard to do. But you have to do it for every server you install.


----------



## Terry_Kennedy (Dec 30, 2011)

amilojko said:
			
		

> I wouldn't say it's a "stupid" detail, I'd say it's a "trivial" detail, but it takes an hour to recompile the source to support longer usernames.
> And exactly because it's trivial, it should be done right from the start.


This is one of the things that comes up every now and then, and ends up with the status quo. Changing this counts as an ABI change, so it would only happen in a new major release. Since 9.0 is in the process of releasing, that means that this change would have to wait for 10.0 (or 10-CURRENT if you want to run prerelease software).

In the other BSD's I looked at just now, NetBSD is 16, OpenBSD is 32, and DragonFly is 16.

I tilted at this particular windmill years ago (under BSD/OS and later FreeBSD) and during the time I needed it (at a previous job)*, it was one of a number of things that I changed in the base system. As I recall, there are a couple places which had it hardcoded at 16 - I think top might have been one of them. But that was over 10 years ago, and things have probably changed.

I have a number of limits I change in the base system (ARGMAX, among others). I accept the fact that I need to compile everything myself. 

I don't think you're going to get anything useful asking for this change, both because as I mentioned above, you wouldn't see it until 10.0, and because this isn't the place to reach the developers and attempt to convince them of the need for this feature. And if you do want to post to the developer's mailing list, I'd suggest researching the reasoning behind OpenBSD's implementation of this change. You may find other things there that will help your proposal.

* I implemented a single-signon environment which had (among other things) a number of VMS systems, an IBM mainframe, Netware (yes, it was that long ago) and BSD/OS (and later FreeBSD). As the VMS systems were the senior members, everything else had to adapt to the usernames on that system, which were up to 16 characters in length (before FreeBSD 3.0, the limit was 12).


----------



## Crivens (Dec 30, 2011)

Sebulon said:
			
		

> @Crivens
> Very good point, I didnÂ´t think about that.


Sorry, it comes with the job 


> IÂ´m in a mood for adventure, so IÂ´m going to do this to test it out. What is this "wierd" that IÂ´m supposed to look for? Could you come with suggestions on how to best monitor the system after the changes are made?


Oh, the usual things. Kernel panics, sudden crashes of programs like login, the box being rooted and spewing kiddie pr0n all over the place, nuclear junk starting to show up in your backjard ...  


> More suggestions, come on now! LetÂ´s make sure to test this the "best" we possibly can!
> 
> /Sebulon


Maybe a tool like KLEE could be of help.


----------



## amilojko (Dec 30, 2011)

Many thanks Terry!


----------



## fonz (Dec 30, 2011)

amilojko said:
			
		

> Dutch! Please don't edit the formatting in my post. It is part of my expression.


Your post was edited because it didn't comply to the forum rules, which you have been sent a copy of when you signed up. It's part of our policy to keep things tidy here. Those rules apply to everybody, even you.

Fonz


----------



## DutchDaemon (Dec 31, 2011)

Sebulon said:
			
		

> @Dutch
> 
> Could you please give me instructions as how to submit the changes in the "correct proper" fashion. Or point me to where this is explained?
> IÂ´m probably not going to start by just blindly submitting a patch, but rather first bring this up for discussion at the mailing lists, but if/when the time comes, it would be nice to know how.



The best starting point would be freebsd-questions. They should be able to point you to the relevant mailing list (possibly freebsd-hackers) or even directly to the developer(s) in charge of this piece of code.

If you have a clean bit of code (so a tidy, documented patch that doesn't need discussion, just testing), you could drop it using a PR.


----------

