Re: extrange passwd behaviour
----- Original Message -----
From: "Ruben Porras" <nahoo82@telefonica.net>
To: <debian-security@lists.debian.org>
Sent: Friday, December 05, 2003 12:21 AM
Subject: Re: extrange passwd behaviour
El jue, 04-12-2003 a las 22:05, Kevin escribió:
> > I've discovered that login, sudo, gdm only take care of the first 8
> > characters of the passwd. The following characters don't count. See the
> > following example (I've created a new user just to make the test)
>
> If you are not using md5 passwords will have a max length of 8
> characters. If you're using md5 your pam config for passwd etc should
> look something like this:
> password required pam_unix.so md5
> And the passwords in the shadow file should start with $1$
The problem was that I was not using md5 passwd. I don't know why
/etc/pam.d/passwd was set to allow fall-through to the 'other' service.
The debconf configuration of passwd says that md5 should be enabled.
I've tried to run dpkg-reconfigure passwd with no effect, but that is
another problem and off-topic here.
Putting the line by hand works perfectly.
Thanks.
Hi
In Debian default
/etc/login.defs
#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# If using MD5 in your PAM configuration, set this higher.
#
PASS_MAX_LEN 8
-- Riku
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: