[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: logins with extra charecters works!?!



> Later, when they'd su, they'd type in all 12 characters. It would work.
> Of course, if they got the last couple wrong, it would still work.
> (Incidentally, they used the same password on another platform which _did_
> support the longer version... I ended up being the one who got burned
> since I only could ever remember the first 8 characters! ;-)

oh well...

> 
> IMHO, this is the way it should be, to protect people who don't know about
> password length limits... The alternative would have been for every su for
> my friends to fail (or in the case of a user, they'd think they were
> locked our of their account). I guess the other alternative would be for
> the passwd program to screen for longer passwords and warn the user, but

> Now, if you want to go back and suggest that the crypt be replaced with
> something more attentive to characters beyond 8, I'd say that you should
> move to MD5 shadow password files, which permit much longer passwords.

where do I get MD5 shadow passwords and will they work on redhat?

> 
> Note also that the original exapmle, I'm betting, isn't true -- if the
> password is bill (ie 4 characters) and they type billybob, they won't get
> logged in. It's only when the extra chacters appear after the first 8.


true......

mike
shred@m119.sail.leon.k12.fl.us



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []