
Username/password length

Open amanda11 opened this issue 4 years ago • 1 comments

With the introduction of https://github.com/StackStorm/st2web/pull/887 there is a username and password limit set, but there is no equivalent check in the CLI.

Some feedback from @m4dcoder: "There's going to be some challenges there because the st2auth backends are not managed by st2 (i.e. htpasswd, LDAP, etc.). If those auth providers allow longer usernames and passwords, there's not much we can do other than throw an error that says the username/password is beyond the supported length when the user logs in via the CLI."

amanda11 avatar Jun 03 '21 08:06 amanda11

htpasswd appears to support up to 255 characters for the username

These two locations hint at username < MAX_STRING_LEN - 1:

https://github.com/apache/httpd/blob/21f16155c38e406e0a0daaa60a539d66128cf044/support/htpasswd.c#L91
https://github.com/apache/httpd/blob/21f16155c38e406e0a0daaa60a539d66128cf044/support/htpasswd.c#L239

MAX_STRING_LENGTH is set to 256:

https://github.com/apache/httpd/blob/21f16155c38e406e0a0daaa60a539d66128cf044/support/passwd_common.h#L35

Linux systems appear to agree with this character limit (although not directly related to St2 authentication). 256 is the limit for Ubuntu, Debian and CentOS:

getconf LOGIN_NAME_MAX
256

I saw in some forums that AD has shorter constraints but St2 should allow the largest constraint IMO:

Active Directory has constraints: Cn (Common-Name): 64. There is no attribute like 'fullname'; the closest one is 'display-Name' and has a limit of 256.

nzlosh avatar Jun 03 '21 16:06 nzlosh
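
An added example, not from either commenter and not st2client code: one way a CLI could reject over-length credentials before contacting st2auth, returning the "beyond supported length" error described above. The function name and both limits are assumptions; 255 is the htpasswd username figure quoted in this thread and the password limit is a placeholder. Lengths are measured in UTF-8 bytes because backends with fixed C buffers count bytes, not characters.

```python
# Hypothetical limits for illustration only. 255 is the htpasswd username
# figure quoted in the thread; the password limit is an assumed placeholder,
# not a value taken from st2web, st2auth or any backend.
MAX_USERNAME_BYTES = 255
MAX_PASSWORD_BYTES = 255


def credential_length_errors(username, password,
                             max_user=MAX_USERNAME_BYTES,
                             max_pass=MAX_PASSWORD_BYTES):
    """Return a list of problems; an empty list means both values fit.

    Over-length values are rejected, never truncated: truncating a password
    would silently change which secret is being submitted.
    """
    errors = []
    fields = (("username", username, max_user),
              ("password", password, max_pass))
    for label, value, limit in fields:
        # Measure the encoded size, since a fixed-size C buffer holds bytes.
        size = len(value.encode("utf-8"))
        if size == 0:
            errors.append(f"{label} is empty")
        elif size > limit:
            # Report sizes only; the credential itself is never echoed.
            errors.append(
                f"{label} is {size} bytes, beyond the supported length of {limit}"
            )
    return errors


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        ("a" * 255, "pw"),        # exactly at the limit: accepted
        ("a" * 256, "pw"),        # one byte over: rejected
        ("\u00e9" * 200, "pw"),   # 200 characters but 400 UTF-8 bytes: rejected
        ("bob", "s" * 300),       # long password: rejected without echoing it
    ]
    for user, pw in samples:
        print(len(user), "chars ->", credential_length_errors(user, pw) or "ok")
```
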