[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: extrange passwd behaviour

On Thu, 2003-12-04 at 15:12, Ruben Porras wrote:
> I've discovered that login, sudo, gdm only take care of the first 8
> characters of the passwd. The following characters don't count. See the
> following example (I've created a new user just to make the test)
> $$ adduser test
> Adding user test...
> Adding new group test (1006).
> Adding new user test (1006) with group test.
> Enter new UNIX password: qwertyuiop <-- this, for example 10 letters
> Retype new UNIX password: qwertyuiop
> passwd: password updated successfully
> Changing the user information for test
> Enter the new value, or press ENTER for the default
>         Full Name []:
>         Room Number []:
>         Work Phone []:
>         Home Phone []:
>         Other []:
> Is the information correct? [y/n] y
> $$ su test
> Password: qwertyui <--- only 8 letters (qwertyuivnksshfdd, for example
> would be also ok)
> $$ whoami
> test
> I don't see nothing about this in BTS, I'm puzzled.
Why would it be ib BTS?

That is standard SOP. If you are root... no password needed on that
unless you have more than traditional *NIX security.

Remember root OWNS the system. root RULES the roost.

Now if you try it as an unprivileged user and it succeeds... then we
gots LOTSA problems to deal with.

REMEMBER ED CURRY! http://www.iwethey.org/ed_curry

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: