
Re: 8 char max passwd size under RH5.2



Hi,

> How do you change the maximum passwd length to something higher than 8?
	
This is a limit of the crypt() algorithm.
8 characters at 7 bits/character = 56 bits. This is the length of
the standard DES key.

If you want passwords longer than 8 characters, you will need
to use a different algorithm. Ones that I know PAM supports are

	MD5		- used on *BSD for example
	bigcrypt	- used as part of Digital Enhanced Security.

bigcrypt() is backwards compatible with crypt(), in that in the case
of 8 character or less passwords, the resulting encrypted password is
identical to that returned by crypt(). Passwords longer than 8 characters
lead to extension blocks.

To enable bigcrypt, add the flag "bigcrypt" to your pam.d files.
e.g.
/etc/pam.d/login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so bigcrypt nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so bigcrypt nullok use_authtok
session    required     /lib/security/pam_pwdb.so

Notes:
1) This has been in place since at least RedHat 5.1.
2) This was developed expressly for interworking Digital UNIX
   and RedHat Linux. There may be bugs when using it "standalone".
   If so - please contact me and I'll try and fix them.
3) If you are unsure about this, use MD5.
4) If you use SAMBA, watch out for long passwords and samba 1.9.18;
   we have had problems, as samba seems to chop passwords off
   at about 14 characters. Windows users can log in via telnet but
   cannot connect to shares using "user level" security.

			Andy

-- 
atp@nojunk-mssl.ucl.ac.uk             |        Dr. Andy Phillips
phillips@nojnk-isass1.solar.isas.ac.jp| Mullard Space Science Laboratory
a.phillips@nojunk-ucl.ac.uk           | "It's the late 1990s, This is a spam   
atp@nojunk-coralcay.demon.co.uk       | protected .sig. You know what to do"
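
The 8-character limit and the bigcrypt extension blocks described in the message above, as an added Python illustration (not part of the original post, and not libc or Linux-PAM code). It assumes the traditional DES crypt() key schedule (low 7 bits of each of the first 8 bytes) and that bigcrypt cuts the password into 8-character blocks; all function names are hypothetical.

```python
# Added illustration; helper names are hypothetical, not from libc or Linux-PAM.
SEGMENT = 8        # characters that fit into one DES key
BITS_PER_CHAR = 7  # crypt() keeps only the low 7 bits of each character


def des_crypt_key(segment: bytes) -> int:
    """56-bit key that DES crypt() builds from up to 8 password bytes."""
    key = 0
    for i in range(SEGMENT):
        byte = segment[i] if i < len(segment) else 0  # short input is zero-padded
        key = (key << BITS_PER_CHAR) | (byte & 0x7F)  # top bit is discarded
    return key


def crypt_sees_same_password(a: bytes, b: bytes) -> bool:
    """True when plain crypt() cannot tell the two passwords apart."""
    return des_crypt_key(a[:SEGMENT]) == des_crypt_key(b[:SEGMENT])


def bigcrypt_segments(password: bytes) -> list:
    """Cut a password into 8-character blocks (assumption: the first block is
    hashed as plain crypt() would, later ones become extension blocks)."""
    blocks = [password[i:i + SEGMENT] for i in range(0, len(password), SEGMENT)]
    return blocks or [b""]


def bigcrypt_sees_same_password(a: bytes, b: bytes) -> bool:
    """True when every block of both passwords yields the same DES key."""
    keys_a = [des_crypt_key(s) for s in bigcrypt_segments(a)]
    keys_b = [des_crypt_key(s) for s in bigcrypt_segments(b)]
    return keys_a == keys_b


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the original message.
    old, new = b"longpassword1", b"longpassXYZ"
    print("crypt() key bits:", SEGMENT * BITS_PER_CHAR)
    print("crypt() treats them as equal:", crypt_sees_same_password(old, new))
    print("bigcrypt blocks:", bigcrypt_segments(old))
    print("bigcrypt treats them as equal:", bigcrypt_sees_same_password(old, new))
```

Run against a password change, this shows whether the new password differs from the old one only after the eighth character, which plain crypt() would not notice.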


