OpenSSH and Solaris groups

Ed Phillips ed at UDel.Edu
Wed Jun 19 04:55:27 EST 2002


NGROUPS_MAX is 16 in /usr/include/limits.h.  OpenSSH uses this in its
call to getgroups() so EINVAL is the proper error for it to return
according to "man getgroups".  I have no idea why it works for one
machine.  You might try changing NGROUPS_MAX to MY_NGROUPS_MAX in the
code, and set it to 32 or some larger number.

By the way, how did you change the maximum number of groups in
/etc/system?  Is this a "documented" feature?  It seems like a good number
of things would break... scary... ;-)  I feel your pain tho'... we have at
least one user with a list of 40+ groups that fluctuates and we
occasionally get complaints that the ones he wants to have aren't in the
16 he gets... ;-)

Thanks,

	Ed

On Tue, 18 Jun 2002, Matt Studley wrote:

> Date: Tue, 18 Jun 2002 14:24:42 -0400 (EDT)
> From: Matt Studley <mjs at ams.org>
> To: openssh-unix-dev at mindrot.org
> Subject: OpenSSH and Solaris groups
>
>
> I have an odd problem and I was wondering if anyone has ever run into this
> before.  I have a machine running solaris 8, OpenSSH 3.1p1 and OpenSSL
> 0.9.6c and it has been working fine for quite some time (ssh that is).
> Today, /etc/system was updated to increase the maximum number of groups
> from 16 to 32.  After the system was rebooted, things seemed to be working
> as expected, however one of our users who is a member of 21 groups (don't
> ask) is now unable to log in.  Previously the extra groups over 16 were
> ignored and things were fine, but it seems like now that the system is
> recognizing membership to these groups ssh is failing.  The error that
> appears in the log file and when connecting to a port running a debugging
> server reports that getgroups failed with an invalid argument.  This is
> happening from all machines... except one which is the strange thing.  If
> the user connects via ssh from one certain machine, the error still
> appears in the log file, however the login is successful.  Has anyone ever
> run into something like this before?  Any and all advice would be greatly
> appreciated.  Thanks.
>
> sshd[847]: [ID 800047 auth.crit] fatal: getgroups: Invalid argument
>
> Matt Studley
> American Mathematical Society
> UNIX Sys Admin        		  "Quantum Mechanics -
> mjs at ams.org			  	The dreams that stuff is made of"
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key



