trying to
ssh userwithlongname@aixhost fails. when i
su - userwithlongname i get this on AIX 6.1:
3004-503 Cannot set process credentials
What?
# pam.conf
sshd auth required /usr/lib/security/pam_aix use_new_state use_first_pass
sshd account required /usr/lib/security/pam_aix
sshd password required /usr/lib/security/pam_aix
sshd session required /usr/lib/security/pam_aix
# /etc/ssh/sshd_config
uncomment the UsePAM line and change UsePAM = no to UsePAM = yes.
# chsec -f /etc/nscontrol.conf -s authorizations -a secorder=files,LDAP
# lsattr -El sys0
shows system variables in the ODM database.
# chdev -l sys0 -a max_logname=30
did it work?*
# getconf LOGIN_NAME_MAX
30
yeah.
# nfso -p -o nfs_use_reserved_ports=1
*
Why?
because sometimes you have users with groups and names longer than 8 characters.
if so, if their primary GID is one of those groups, or if their uids are longer than 8 characters, no logon.
first hint... tried to su as a user, only first 8 characters shown.
did an lsgroup and the group did not exist.
did an lsgroup ALL and saw that the LDAP group had no content.
neat.