#66: PWD_ABSURD_PWD_LENGTH too low for large groups (> 20000 users) -------------------------+------------------------------ Reporter: periegetes | Owner: pam-developers@… Type: defect | Status: new Priority: trivial | Component: library Version: | Keywords: Blocked By: | Blocking: -------------------------+------------------------------ Hi, I recently encountered a problem with pam_limits where a given limit wasn't applied to the members of a large group (all our users have the same default group, and special permissions are awarded to additional secondary groups, which makes the default group somewhat large). A bit of digging shows that pam_modutil_getgrname returns NULL when the given group gets larger than 262kB (probably as a security measure), which in turns makes the function pam_modutil_ingroup_common return a false negative for the membership of any user to such a group. Here is a trivial patch to increase the maximum group size to 4M (which seems reasonable enoough) : {{{ --- pam-1.1.8/libpam/pam_modutil_private.h 2016-10-18 15:09:07.795224582 +0200 +++ pam-1.1.8.ori/libpam/pam_modutil_private.h 2013-06-18 16:11:21.000000000 +0200 @@ -14,7 +14,7 @@ #include <security/pam_modutil.h> #define PWD_INITIAL_LENGTH 0x400 -#define PWD_ABSURD_PWD_LENGTH 0x400001 +#define PWD_ABSURD_PWD_LENGTH 0x40001 #define PWD_LENGTH_SHIFT 4 /* 2^4 == 16 */ extern void }}} Thank you for your efforts, -- Ticket URL: <https://fedorahosted.org/linux-pam/ticket/66> linux-pam <http://fedorahosted.org/linux-pam> The Linux-PAM (Pluggable Authentication Modules) project