[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: 8 char max passwd size under RH5.2



Thanks to all those who replied to my message!
I will try bigcrypt and if it doesnt work, MD5. I kinda figured it was
because DES was 56bit. Then again I don't know much about this, so I thought
I would ask.

Thanks a lot guys.

Reid Sutherland
Network Administrator
ISYS Technology Inc.
http://www.isys.ca
Fingerprint: 1683 001F A573 B6DF A074  0C96 DBE0 A070 28BE EEA5

-----Original Message-----
From: Andrew Phillips <atp@mssl.ucl.ac.uk>
To: pam-list@redhat.com <pam-list@redhat.com>
Date: Tuesday, February 23, 1999 10:09 AM
Subject: Re: 8 char max passwd size under RH5.2


>Hi,
>
>> How do you change the maximum passwd lengh to something higher then 8?
>
> This is a limit of the crypt() algorithm.
>    8 characters at 7 bits/character = 56bits. This is the length of
>    the standard DES key.
>    If you want passwords longer than 8 characters, you will need
>    to use a different algorithm. Ones that I know PAM supports are
>
> MD5 - used on *BSD for example
> bigcrypt - used as part of Digital Enhanced Security.
>
>    bigcrypt() is backwards compatible with crypt(), in that in the case
>    of 8 character or less passwords, the resulting encrypted password is
>    identical to that returned by crypt(). Longer than 8 characters lead
>    to extension blocks.
>
> To enable bigcrypt, add the flag "bigcrypt" to your pam.d files.
>e.g.
>/etc/pam.d/login
>#%PAM-1.0
>auth       required     /lib/security/pam_securetty.so
>auth       required     /lib/security/pam_pwdb.so bigcrypt nullok
>auth       required     /lib/security/pam_nologin.so
>account    required     /lib/security/pam_pwdb.so
>password   required     /lib/security/pam_cracklib.so
>password   required     /lib/security/pam_pwdb.so bigcrypt nullok
use_authtok
>session    required     /lib/security/pam_pwdb.so
>
> Notes:
> 1) This has been in place since at least RedHat 5.1
> 2) This was developed expressly for interworking Digital UNIX
>    and RedHat linux. There may be bugs when using it "standalone"
>    If so - please contact me and I'll try and fix them.
> 3) If you are unsure about this, use MD5.
> 4) If you use SAMBA watch out for long passwords and samba 1.9.18,
>    we have had problems, as samba seems to chop passwords off
>    at about 14 characters. Windows users can log in via telnet but
>    cannot connect to shares using "user level" security.
>
> Andy
>
>--
>atp@nojunk-mssl.ucl.ac.uk             |        Dr. Andy Phillips
>phillips@nojnk-isass1.solar.isas.ac.jp| Mullard Space Science Laboratory
>a.phillips@nojunk-ucl.ac.uk           | "It's the late 1990s, This is a
spam
>atp@nojunk-coralcay.demon.co.uk       | protected .sig. You know what to
do"
>
>--
>To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []