Re: extending yppasswd max password length?

[Dave Sherohman <esper@sherohman.org>]

On Fri, Sep 21, 2001 at 01:11:08PM +0000, Miquel van Smoorenburg wrote:
> In article <[🔎] 20010921205842.A737@bloopie>,
> Eric Boo  <moongazer@gmx.net> wrote:
> >I'm using sid's nis package. I noticed that when changing a password
> >using yppasswd, it seems to truncate the password, even if one keys in a
> >password that consists of say 12 characters.
> >So after the password is changed (password = 1234567890ab), i can log
> >in using 1234567890cd or so.
> 
> Welcome to Unix.

Welcome to the legacy of (old-style) crypt()-hashed passwords.  Debian
boxes are able to use MD5 password hashes instead, which removes the
8-character limit on password length.

NIS is capable of working with MD5 passwords if both client and
server support them.  You _should_, therefore, be able to get past
the length limitation by setting up all machines to use MD5.

Unfortunately, yppasswd assumes that you're using crypt() and
truncates the entered password at 8 characters rather than allowing
the underlying system to handle the password to the best of its
ability.

IMO, this assumption is a bug in the design of NIS.  Does anyone know
of a good reason for preserving this assumption in the age of MD5?

-- 
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius