<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:#1F497D;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>I can’t test the getent command right now. we have a workaround
in place that I’d have to disengage to test it out.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'>I’m at SP1. Pam version in SP1 is 0.99.6.3-28.8 and didn’t
change in sp2 – are there any specific packages you might recommend updating to
sp2? It’s not feasible for me to wholesale change the whole system to sp2, so targeting
packages for experimentation would be easier.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> pam-list-bounces@redhat.com
[mailto:pam-list-bounces@redhat.com] <b>On Behalf Of </b>Jon Miller<br>
<b>Sent:</b> Wednesday, January 28, 2009 6:06 PM<br>
<b>To:</b> Pluggable Authentication Modules<br>
<b>Subject:</b> Re: pam list size limit?<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Are you sure the issue is with
pam_access? How many entries do you get when you run "getent group
<grpname>" ?<br>
Finally, what level SP are you at on your SLES10 machine? If you're not at SP2,
you could try updating to that. I've found SP2 to have solved a lot of issues. <br>
<br>
-- Jon Miller<o:p></o:p></p>
<div>
<p class=MsoNormal>2009/1/28 Wendy Palm <<a href="mailto:wendy@cray.com">wendy@cray.com</a>><o:p></o:p></p>
<div>
<div>
<p><span style='font-size:10.0pt'>We have a site that uses pam to regulate user
logins, and has a unix group in excess of 2500 user entries which is specified
in the access.conf file.</span><o:p></o:p></p>
<p><span style='font-size:10.0pt'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt'>They were running SLES9 (pam-0.77-221.4) and
had no problems. However, updating to SLES10 (pam-0.99.6.3-28.8), they
are now having problems with the group list truncating at about 1100 user
entries.</span><o:p></o:p></p>
<p><span style='font-size:10.0pt'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt'>Was some default limit changed? I
checked the archives, but didn't see anything blatent announcing this. I
checked the ChangeLog in the source code and found an entry that is suspicious
(2005-12-21 Tomas Mraz simplifying evaluate_ingroup), but again, nothing
blatent.</span><o:p></o:p></p>
<p><span style='font-size:10.0pt'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt'>What is the limit? How can I change it
(preferably without recompiling)? Is this at all possible?</span><o:p></o:p></p>
<p><span style='font-size:10.0pt'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt'>Thanks,</span><o:p></o:p></p>
<p><span style='font-size:10.0pt'>Wendy</span><o:p></o:p></p>
<p><span style='font-size:10.0pt'> </span><o:p></o:p></p>
<p><span style='font-size:10.0pt'> </span><o:p></o:p></p>
<p> <o:p></o:p></p>
<p>---------------------------------<o:p></o:p></p>
<p>Wendy Palm<o:p></o:p></p>
<p>Security Software Engineer<o:p></o:p></p>
<p>wendy at cray dot com<o:p></o:p></p>
<p> <o:p></o:p></p>
</div>
</div>
<p class=MsoNormal><br>
_______________________________________________<br>
Pam-list mailing list<br>
<a href="mailto:Pam-list@redhat.com">Pam-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/pam-list" target="_blank">https://www.redhat.com/mailman/listinfo/pam-list</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</body>
</html>