Re: (no subject)

To: debian-devel@lists.debian.org
Cc:
Subject: Re: (no subject)
From: cjw44@cam.ac.uk (Colin Watson)
Date: Fri, 10 Mar 2000 21:24:30 +0000
Message-id: <[🔎] E12TWta-0004xw-00@riva.ucam.org>
In-reply-to: <[🔎] 38C8AE24.162E9AEA@epix.net>

werewolf@epix.net (Mark) wrote:
>Not actually a bug, but a recommendation for later distributions
>security, i've noticed 2.1 only allows something along the lines of an 8
>character password. If someone were to get ahold of someone's username,
>which is easy to do, and they of course had some queer password guessing
>tool that tried all combinations within the 8 char limit, it'd be pretty
>easy to at least do that. I've tested other distributions like
>slackware, slack7 allows a 126 character password at max which is a
>really good thing. Just a recommendation.

Any administrator can change this by poking PAM to use MD5 passwords,
but it's not enabled by default. This might be because other Unix
systems don't necessarily support it, which can cause problems if you're
using something like NIS and sharing crypted passwords around (or so I
understand).

-- 
Colin Watson                                           [cjw44@cam.ac.uk]

Reply to:

References:
- (no subject)
  - From: Mark <werewolf@epix.net>

Prev by Date: cannot login in xdm anymore (upgrade potato -> potato)
Next by Date: Re: better RSYNC mirroring , for .debs and others
Previous by thread: (no subject)
Next by thread: Re: (no subject)
Index(es):
- Date
- Thread