Support 32-bit unsigned integer UID's for GoogleOTP

rocksclusters / base

Base roll for Rocks Clusters

http://www.rocksclusters.org/

25 stars 10 forks source link

Support 32-bit unsigned integer UID's for GoogleOTP #10

Open tcooper opened 10 years ago

tcooper commented 10 years ago

The following lines of plugin_googleotp.py 411 plugin...

                # only users in Range
                if uid >= 500 and uid < 65534: 
                    otp_users.append(username)

...limit googleotp to user accounts with UID's below the old maximum value (an unsigned 16-bit integer).

Newer kernels use an unsigned 32-bit integer for the UID and GID.

Perhaps we could allow UID values up to the current max (4294967294) to use googleotp out of the box.

lclementi commented 9 years ago

Yea but Centos limit the uid to: [root@rocks-152 google-otp]# grep UID /etc/login.defs UID_MIN 500 UID_MAX 60000

Is there a specific reason why we need this?

Luca

tcooper commented 9 years ago

While /etc/login.defs defines the default values for UID_[MIN|MAX] and SYS_UID_[MIN|MAX] the data type holding these values supports larger UID values and, in fact, larger UID values are used.

The change is not required but would add support for GoogleOTP for UID values larger than 65535 if they were, in fact, in use.

It's a feature request not a bugfix.