[2811] in Kerberos
Re: [tad1@cornell.edu (Tom Dimock): Kerberos and/or Jeff Schiller]
daemon@ATHENA.MIT.EDU (Scott Dawson)
Sun Sep 12 22:24:40 1993
To: tytso@MIT.EDU (Theodore Ts'o)
Cc: tad1@cornell.edu, tjm@MIT.EDU, kerberos@MIT.EDU, jdaly@MIT.EDU,
In-Reply-To: Your message of "Fri, 10 Sep 1993 16:34:15 EDT."
Date: Sun, 12 Sep 1993 22:00:56 -0400
From: Scott Dawson <sdawson@engin.umich.edu>
> The answer is that under DecAthena(tm), you can only have 32,000
> accounts. But this limitation has nothing to do with Kerberos, but with
> the allowable range of user uid's that can be used under Ultrix.
>
> There's actually a rather stupid bug associated with this limitation ---
> for some strange reason, if you call setuid(x) where x > 32,000, setuid
> will return EINVAL. Silly, eh? Why 32,000, and not 32,767? My
> personal suspicion is that some DEC architect specified that setuid
> should return EINVAL if it was greater than 32k, and the programmer who
> actually implemented the said specifications took "32k" to mean
> "thirty-two thousand, base 10".
We got bitten by this. We had to change our login and xlogin stuff.
Who would've thought...
Actually though, the uid range that's bad is only from 32001-32767.
Starting at 32768 (2^15), it works again. This is because Ultrix uses \
a 16-bit signed number for the uid and the uids which are 32768+ show
up as negative numbers. Therefore (uid <= 32000)? works and setuid
won't fail.
Now we hand out uids which are either < 32000 or ( > 32768 && < 65536).
When you ls your files, you still see that they're owned by -20674 or
whoever, but everything else seems to work ok.
-Scott
