Re: Preseeded setting on openssh-server ignored

[davidson@ling.ohio-state.edu]

On Sat, 14 Jun 2014, Bob Proulx wrote:

> The biggest problem I have found using random passwords is that some
> sites truncate the password to a shorter number of characters.  Some
> of those are fairly high profile sites!  http://www.schwab.com/ is a
> good example that truncates passwords at eight characters.  There is
> no defensible rationale for doing that truncation.  When I see that I
> assume that means that they are storing the plaintext of the password
> somewhere.  Otherwise if they were properly hashing the password why
> would they feel the need to truncate it?

well, this doesn't look all that old...

http://docs.oracle.com/cd/E18752_01/html/816-4558/toc.html

> >   The System Administration Guide: Naming and Directory Services (NIS+)
> >
> > Copyright © 1994, 2010, Oracle and/or its affiliates. All rights reserved.

and, drilling down a little...

http://docs.oracle.com/cd/E18752_01/html/816-4558/a08paswd-15680.html

> > A password must meet the following requirements:
> >   * Length. By default, a password must have at least six characters. Only the first eight
> >     characters are significant. (In other words, you can have a password that is longer than
> >     eight characters, but the system only checks the first eight.) Because the minimum
> >     length of a password can be changed by a system administrator, it may be different on
> >     your system.

pretty nice, eh?

there is an NIS package in debian.  couldn't find any indication of
its maximum (significant) password length, myself.  does it check more
than eight characters?

-wes