Bugtraq mailing list archives
Re: Redhat 6.0 Password Issues
From: eparker () MINDSEC COM (Erik Parker)
Date: Sat, 11 Sep 1999 18:18:18 -0600
Yes, it is part of the UNIX crypt.. It can also be changed very easily, however the problem with that is.. many daemons (lots of ftpd's) do not support more than 8 character passwords. Or, they didn't a couple of years ago, I have just accepted it, and gone on with life.

This is also all covered on redhat.com in detail in the documentation.

You will also note in your login.defs

    #
    # Number of significant characters in the password for crypt().
    # Default is 8, don't change unless your crypt() is better.
    # Ignored if MD5_CRYPT_ENAB set to "yes".
    #
    #PASS_MAX_LEN 8

On Fri, 10 Sep 1999, Josh Higham wrote:

> > Gentlemen; I submitted what I thought was a minor issue on Redhat's handling of passwords. Is it me? Is it something I missed? Any password you assign over 8 characters gets cut...
>
> This is a result of UNIX crypt (I believe). Standard unix passwords only handle the first 8 characters of a password; RH6.0 allows you to install MD5 passwords, which can give you additional length, if desired.
>
> > At first I thought it was my system but it's not since I tested it at home, but then at work it's the same thing:
> >
> > ------snip------
> > passwd
> > I typed it p4$sW3rd$ as my password but I was able to log in using p4$sW3rD
> > ctrl-alt-del
> > bash $ passwd
> > changed it to 1234567899999 and I was able to log in using: 12345678
> > -----endsnip-----
> >
> > Does anyone else know of this? Has anyone heard of this? by the way I bcc'd this to Redhat as well. ;)
> >
> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > Yours Truly
> > J. Oquendo
> > sil () antioffline com
> > sil () macroshaft org
> > "Linux -- Where you really can go tomorrow"
Erik Parker eparker () mindsec com
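The rule stated in the login.defs comment quoted in this message, as an added example that is not part of the original post: it reads a login.defs text, works out how many password characters are significant, and groups passwords that become the same secret under that limit. The sample file is constructed from the quoted excerpt plus an assumed `MD5_CRYPT_ENAB no` line, the function names are hypothetical, and treating an absent `MD5_CRYPT_ENAB` as "no" is an assumption.

```python
# Constructed sample: the login.defs excerpt quoted in the message, plus an
# assumed MD5_CRYPT_ENAB line (the option the excerpt's own comment refers to).
SAMPLE_LOGIN_DEFS = '''\
#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# Ignored if MD5_CRYPT_ENAB set to "yes".
#
#PASS_MAX_LEN\t\t8
MD5_CRYPT_ENAB\tno
'''


def parse_login_defs(text):
    """Return {KEY: value} for active (uncommented) 'KEY value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip().strip('"')
    return settings


def significant_length(settings):
    """Significant password characters, or None when MD5 lifts the limit."""
    # Assumption: an absent MD5_CRYPT_ENAB is treated as "no".
    if settings.get("MD5_CRYPT_ENAB", "no").lower() == "yes":
        return None  # per the quoted comment, PASS_MAX_LEN is ignored
    return int(settings.get("PASS_MAX_LEN", 8))  # quoted default is 8


def equivalent_groups(passwords, limit):
    """Group passwords that collapse to the same secret under `limit`."""
    groups = {}
    for pw in passwords:
        key = pw if limit is None else pw[:limit]
        groups.setdefault(key, []).append(pw)
    return [g for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    limit = significant_length(parse_login_defs(SAMPLE_LOGIN_DEFS))
    print("significant characters:", limit)
    # Password pair taken from the report quoted in the thread.
    print(equivalent_groups(["1234567899999", "12345678", "abcdefgh"], limit))
```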
Current thread:
- Redhat 6.0 Password Issues root3d (Sep 08)
- <Possible follow-ups>
- Re: Redhat 6.0 Password Issues Josh Higham (Sep 10)
- Re: Redhat 6.0 Password Issues Erik Parker (Sep 11)
- Re: Redhat 6.0 Password Issues Alan Brown (Sep 11)