Open amanda11 opened 3 years ago
htpasswd appears to support up to 255 characters for the username
These two locations hint at username < MAX_STRING_LEN - 1
https://github.com/apache/httpd/blob/21f16155c38e406e0a0daaa60a539d66128cf044/support/htpasswd.c#L91
https://github.com/apache/httpd/blob/21f16155c38e406e0a0daaa60a539d66128cf044/support/htpasswd.c#L239
MAX_STRING_LENGTH
is set to 256
https://github.com/apache/httpd/blob/21f16155c38e406e0a0daaa60a539d66128cf044/support/passwd_common.h#L35
Linux systems appear to agree with this character limit (although not directly related to St2 Authentication) 256 is the limit for ubuntu, debian and centos
getconf LOGIN_NAME_MAX
256
I saw in some forums that AD has shorter constraints but St2 should allow the largest constraint IMO:
Active Directory has constraints Cn (Common-Name): 64 There is no attribute like 'fullname' the closest one is 'display-Name' and has a limit on 256
With the introduction of https://github.com/StackStorm/st2web/pull/887 there is a username and password limit set, but there is no equivalent check in the CLI.
Some feedback from @m4dcoder "There's going to be some challenges there because the st2auth backends are not managed by st2 (i.e. htpasswd, LDAP, etc.). If those auth providers allow longer usernames and passwords, there's not much we can do other than throw an error that says username/passwords is beyond supported length when user login via the CLI."