Bugtraq mailing list archives
Re: Bug in login
From: poidog () IAV COM (System Grunt)
Date: Tue, 1 Sep 1998 12:28:47 -1000
On Tue, 1 Sep 1998, Jason Ackley wrote:
On Tue, 1 Sep 1998, Justin Priestley wrote:Not sure if this is known yet. I use FreeBSD and also work on BSDI. If a user has numbers on the end of their passwd, this is not recognised. Add a user and telnet to your machine. Make sure the passwd has numbers on the end.Unable to replicate on BSDI 3.1, how long was the password before the numbers started? What is the password length setting in /etc/login.conf?
On BSDi 2.1 also doesn't matter, password limits of 8 or 128, tested on both. Jason, is probably right that you used a password exceeding 8 characters in length. Meaning asdfasdf is the same as asdfasdf1 or asdfasdfx or asdfasdfbuggaboo. It just truncates it after the first 8 characters... guess that's why it's 8 significant characters. ;) Now a real fun one is using a username of ONLY numerics. Try adding a user '1234' then see how that affects quotas on that user...
After the default setting of 8 chars, nothing matters, BSDI does support 'widepasswords' of 128 chars though that you must enable in /etc/login.conf. See login.conf(5)
-- Aloha from Paradise, Sherwood System Grunt
Current thread:
- Bug in login Justin Priestley (Aug 31)
- Re: Bug in login Jason Ackley (Sep 01)
- Re: Bug in login System Grunt (Sep 01)
- ISS Vulnerability Alert: Remote Buffer Overflow in the Kolban X-Force (Sep 01)
- Re: Bug in login Jason Ackley (Sep 01)