
Re: Preseeded setting on openssh-server ignored



On Sun, Jun 15, 2014 at 12:32 AM,  <davidson@ling.ohio-state.edu> wrote:
> On Sat, 14 Jun 2014, Bob Proulx wrote:
>>
>> The biggest problem I have found using random passwords is that some
>> sites truncate the password to a shorter number of characters.  Some
>> of those are fairly high profile sites!  http://www.schwab.com/ is a
>> good example that truncates passwords at eight characters.  There is
>> no defensible rationale for doing that truncation.  When I see that I
>> assume that means that they are storing the plaintext of the password
>> somewhere.  Otherwise if they were properly hashing the password why
>> would they feel the need to truncate it?
>
> well, this doesn't look all that old...
>
> http://docs.oracle.com/cd/E18752_01/html/816-4558/toc.html
>
>>>   The System Administration Guide: Naming and Directory Services (NIS+)
>>>
>>> Copyright © 1994, 2010, Oracle and/or its affiliates. All rights
>>> reserved.
>
> and, drilling down a little...
>
> http://docs.oracle.com/cd/E18752_01/html/816-4558/a08paswd-15680.html
>
>>> A password must meet the following requirements:
>>>   * Length. By default, a password must have at least six
>>>     characters. Only the first eight characters are significant.
>>>     (In other words, you can have a password that is longer than
>>>     eight characters, but the system only checks the first eight.)
>>>     Because the minimum length of a password can be changed by a
>>>     system administrator, it may be different on your system.
>
> pretty nice, eh?
>
> there is an NIS package in debian.  couldn't find any indication of
> its maximum (significant) password length, myself.  does it check more
> than eight characters?

The documentation that you linked to was for nisplus not nis. nis on
Debian (or nisplus if it's available) doesn't have that restriction.

The password length in that documentation is restricted by the default
crypt policy of Solaris <=10 because it uses crypt_unix (the
traditional unix crypt algorithm), which doesn't support a password
length >8. IIRC, the ability to change the default crypt policy was
introduced with Solaris 9 in 2002.
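
The 8-character limit discussed above comes from the hash scheme, so it can be checked from the stored hash field itself. The following is an added example, not part of the original thread: it flags shadow-style entries still in traditional DES crypt format (13 characters, no `$` prefix). The function names and the sample entries are assumptions made for illustration, and the hash strings are constructed, shape-only values.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $<id>$... (ids as used by glibc/libxcrypt).
MCF_RE = re.compile(r"^\$([0-9a-z]+)\$")
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
# Field values that carry no hash at all (locked / no password markers).
NO_HASH = {"", "*", "x", "NP", "*LK*"}

def classify(field):
    """Return the scheme name for one shadow-style password field."""
    body = field.lstrip("!")            # leading '!' marks a locked account
    if body in NO_HASH:
        return "none"
    m = MCF_RE.match(body)
    if m:
        return SCHEMES.get(m.group(1), "unknown")
    if DES_RE.match(body):
        return "descrypt"               # only the first 8 characters are hashed
    return "unknown"

def truncating_accounts(shadow_text):
    """Return user names whose stored hash is traditional DES crypt."""
    hits = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2 and classify(parts[1]) == "descrypt":
            hits.append(parts[0])
    return hits

# Constructed sample: shape-only strings, not real hashes.
SAMPLE = """\
root:$6$constructedsalt$constructedhashvalue:16236:0:99999:7:::
legacy:abCdEfGhIjKlM:16236:0:99999:7:::
daemon:*:16236:0:99999:7:::
olduser:!abCdEfGhIjKl.:16236:0:99999:7:::
"""

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE):
        print(f"{user}: traditional DES crypt, password limited to 8 significant characters")
```

Accounts reported here keep their 8-character limit until the password is set again under a different crypt policy, since the stored hash cannot be converted.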

