Increase login length limit to 128 characters

[Tener]

Traditionally POSIX systems imposed a maximum of 32 characters for the length of any particular username. Teleport was following this limit. However, many modern systems follow higher limits like 255.

This change increases the maximum to 128 characters. I believe the full 255 characters are unlikely to be used in practice and likely a result of an error.

Changelog: maximum length for individual UNIX login was increased to 128 characters from previous 32.

[hugoShaka]

Traditionally POSIX systems imposed a maximum of 32 characters for the length of any particular username.

Can we still find such systems in the wild? For example old/weird things (routers, old boxes) registered in teleport as Agentless OpenSSH nodes. What happens if you try to connect to such system with a longer login? Does the user get an error?

Can it mess with host user creation (e.g. you've got an old box and we create host users, except if your role contains a login too long)? Or do we just don't support those systems already?

[ethan-gallant]

@hugoShaka it's actually configurable at the kernel level. Debian for example sets the limit at 255 chars.

https://man7.org/linux/man-pages/man3/sysconf.3.html
https://android.googlesource.com/platform/bionic/+/refs/heads/main/libc/include/limits.h#146
https://codebrowser.dev/glibc/glibc/sysdeps/unix/sysv/linux/bits/local_lim.h.html#89

Generally the legacy 32 character limit has always been considered a best-practice, however a few binaries such as useradd set their own hard-coded limit without consideration for the kernel-level configuration.

[rosstimothy]

Yeah I'm hesitant to roll this out without further exploration and consideration. I also feel that if we do decide to proceed with this change it might be best not to backport it.

[Tener]

Yeah I'm hesitant to roll this out without further exploration and consideration. I also feel that if we do decide to proceed with this change it might be best not to backport it.

Fair enough. There is also this unexpected integration test failure:

        	Error Trace:	/__w/teleport/teleport/integration/appaccess/appaccess_test.go:433
        	            				/__w/teleport/teleport/integration/appaccess/fixtures.go:379
        	Error:      	elements differ
        	            	
        	            	extra elements in list B:
        	            	([]interface {}) (len=1) {
        	            	 (string) (len=36) "c73937d4-6710-4676-b9d3-4d0f4a4e1a8a"
        	            	}
        	            	
        	            	
        	            	listA:
        	            	([]string) (len=3) {
        	            	 (string) (len=4) "root",
        	            	 (string) (len=6) "ubuntu",
        	            	 (string) (len=23) "-teleport-internal-join"
        	            	}
        	            	
        	            	
        	            	listB:
        	            	([]string) (len=4) {
        	            	 (string) (len=4) "root",
        	            	 (string) (len=6) "ubuntu",
        	            	 (string) (len=23) "-teleport-internal-join",
        	            	 (string) (len=36) "c73937d4-6710-4676-b9d3-4d0f4a4e1a8a"
        	            	}
        	Test:       	TestAppAccess/RewriteHeadersLeaf
    --- FAIL: TestAppAccess/RewriteHeadersLeaf (0.14s)