[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: 8 char max passwd size under RH5.2



Ooops! forgot about the 8 char DES limit. Nonetheless,
you will need to look at the *credit options because
by default, each is set to 1, and has the effect of
reducing minlen under certain circumstances (at least
according to the docs)

So, bigcrypt or MD5 AND check out *credit.

Scott


Reid Sutherland wrote:
> 
> Thanks to all those who replied to my message!
> I will try bigcrypt and if it doesnt work, MD5. I kinda figured it was
> because DES was 56bit. Then again I don't know much about this, so I thought
> I would ask.
> 
> Thanks a lot guys.
> 
> Reid Sutherland
> Network Administrator
> ISYS Technology Inc.
> http://www.isys.ca
> Fingerprint: 1683 001F A573 B6DF A074  0C96 DBE0 A070 28BE EEA5
> 
> -----Original Message-----
> From: Andrew Phillips <atp@mssl.ucl.ac.uk>
> To: pam-list@redhat.com <pam-list@redhat.com>
> Date: Tuesday, February 23, 1999 10:09 AM
> Subject: Re: 8 char max passwd size under RH5.2
> 
> >Hi,
> >
> >> How do you change the maximum passwd lengh to something higher then 8?
> >
> > This is a limit of the crypt() algorithm.
> >    8 characters at 7 bits/character = 56bits. This is the length of
> >    the standard DES key.
> >    If you want passwords longer than 8 characters, you will need
> >    to use a different algorithm. Ones that I know PAM supports are
> >
> > MD5 - used on *BSD for example
> > bigcrypt - used as part of Digital Enhanced Security.
> >
> >    bigcrypt() is backwards compatible with crypt(), in that in the case
> >    of 8 character or less passwords, the resulting encrypted password is
> >    identical to that returned by crypt(). Longer than 8 characters lead
> >    to extension blocks.
> >
> > To enable bigcrypt, add the flag "bigcrypt" to your pam.d files.
> >e.g.
> >/etc/pam.d/login
> >#%PAM-1.0
> >auth       required     /lib/security/pam_securetty.so
> >auth       required     /lib/security/pam_pwdb.so bigcrypt nullok
> >auth       required     /lib/security/pam_nologin.so
> >account    required     /lib/security/pam_pwdb.so
> >password   required     /lib/security/pam_cracklib.so
> >password   required     /lib/security/pam_pwdb.so bigcrypt nullok
> use_authtok
> >session    required     /lib/security/pam_pwdb.so
> >
> > Notes:
> > 1) This has been in place since at least RedHat 5.1
> > 2) This was developed expressly for interworking Digital UNIX
> >    and RedHat linux. There may be bugs when using it "standalone"
> >    If so - please contact me and I'll try and fix them.
> > 3) If you are unsure about this, use MD5.
> > 4) If you use SAMBA watch out for long passwords and samba 1.9.18,
> >    we have had problems, as samba seems to chop passwords off
> >    at about 14 characters. Windows users can log in via telnet but
> >    cannot connect to shares using "user level" security.
> >
> > Andy
> >
> >--
> >atp@nojunk-mssl.ucl.ac.uk             |        Dr. Andy Phillips
> >phillips@nojnk-isass1.solar.isas.ac.jp| Mullard Space Science Laboratory
> >a.phillips@nojunk-ucl.ac.uk           | "It's the late 1990s, This is a
> spam
> >atp@nojunk-coralcay.demon.co.uk       | protected .sig. You know what to
> do"
> >
> >--
> >To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
> >
> 
> --
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []