On Thu, 2003-12-04 at 15:12, Ruben Porras wrote: > I've discovered that login, sudo, gdm only take care of the first 8 > characters of the passwd. The following characters don't count. See the > following example (I've created a new user just to make the test) > > $$ adduser test > Adding user test... > Adding new group test (1006). > Adding new user test (1006) with group test. > Enter new UNIX password: qwertyuiop <-- this, for example 10 letters > Retype new UNIX password: qwertyuiop > passwd: password updated successfully > Changing the user information for test > Enter the new value, or press ENTER for the default > Full Name []: > Room Number []: > Work Phone []: > Home Phone []: > Other []: > Is the information correct? [y/n] y > > $$ su test > Password: qwertyui <--- only 8 letters (qwertyuivnksshfdd, for example > would be also ok) > $$ whoami > test > > > I don't see nothing about this in BTS, I'm puzzled. Why would it be ib BTS? That is standard SOP. If you are root... no password needed on that unless you have more than traditional *NIX security. Remember root OWNS the system. root RULES the roost. Now if you try it as an unprivileged user and it succeeds... then we gots LOTSA problems to deal with. -- greg@gregfolkert.net REMEMBER ED CURRY! http://www.iwethey.org/ed_curry
Attachment:
signature.asc
Description: This is a digitally signed message part