[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (no subject)

werewolf@epix.net (Mark) wrote:
>Not actually a bug, but a recommendation for later distributions
>security, i've noticed 2.1 only allows something along the lines of an 8
>character password. If someone were to get ahold of someone's username,
>which is easy to do, and they of course had some queer password guessing
>tool that tried all combinations within the 8 char limit, it'd be pretty
>easy to at least do that. I've tested other distributions like
>slackware, slack7 allows a 126 character password at max which is a
>really good thing. Just a recommendation.

Any administrator can change this by poking PAM to use MD5 passwords,
but it's not enabled by default. This might be because other Unix
systems don't necessarily support it, which can cause problems if you're
using something like NIS and sharing crypted passwords around (or so I

Colin Watson                                           [cjw44@cam.ac.uk]

Reply to: