Bug #4968

user_attr limit triggers pwconv error message

Added by Eric Saxby about 4 years ago.

Status:NewStart date:2014-07-08
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Difficulty:Medium Tags:needs-triage

Description

We just ran into a problem where we hit an apparent limit in the number of RBAC authorizations for a user. This appears to be 50.

After setting 52 auths (26 manage auths and 26 value auths) on a user, further attempts to do any user modifications in the system (usermod -A, useradd) respond with an error "ERROR: Inconsistent password files." and the suggestion to user pwconv. In this case, pwconv returns exit status 0 without resolving the problem.

I'm unclear on what the proper solution is. We should reorganize our authorizations so we don't need 52 of them, but if this many auths is going to break the system, perhaps pwconv could check for this error state or the limit could be stated in documentation associated in some way with pwconv/rbac/usermod.

Also available in: Atom