[Bug 343738] Re: vsftpd max username length too small

[Kenny Millington]

** Description changed:

  vsftpd has a max username length of 32, this is too small for a virtual
  hosting environment where the username is a user's e-mail address (if
  they have a long domain name etc...)
  
  This issue was patched in FC10 via their patch system and has been
  pulled into the new upstream 2.1 version, I'll attach a debdiff to this
  bug once it's created so I know the bug number.
+ 
+ SRU Report (for Hardy)
+ -----------------------------
+ 
+ This bug's impact is (probably) mostly felt by users running Hardy as a
+ hosting server using vsftpd as their FTP server. Hosting servers
+ typically use either the domain name and/or e-mail address as the
+ username which can easily exceed the 32 character limit.
+ 
+ This has been fixed in the current development version (Karmic -
+ 2.1.1~pre1-2ubuntu1) by syncing a later release of vsftpd from Debian
+ which has already applied this fix. A minimal patch to apply this fix
+ has previously been attached to this bug (LP343738-hardy.patch).
+ 
+ TEST CASE: This bug can be reproduced by creating a username greater
+ than 32 characters then attempting to login with the unpatched vsftpd.
+ Upon upgrading to the patched vsftpd this login attempt should then
+ succeed.
+ 
+ Looking at the patch regression seems unlikely (given the nature of the
+ change), however, the worst case outcomes I can see for regression are:-
+ 
+ a) vsftpd stops working; or
+ b) An (unknown) underlying authentication mechanism requires vsftpd to reject usernames greater than 32 characters and hence breaks.
+ 
+ I'm afraid I'm not sure how likely (b) is, however PAM can handle
+ usernames of such length.

-- 
vsftpd max username length too small
https://bugs.launchpad.net/bugs/343738
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.