
Re: 8 char max passwd size under RH5.2

Background info: Test machine, RH5.2 with Linux 2.2.1, running stock (RH
install) version of PAM.

I tried using bigcrypt() instead of crypt() and my passwords still only come
up as 8 chars. I'm obviously doing something wrong. Now, the only reason I'm
not using MD5 is because I do not want to re-enter all the passwords and
rebuild the whole bloody system :)

Any suggestions on stuff to look for as to why bigcrypt is not working?
I modified the following in /etc/pam.d:
passwd, login, su, to reflect the new encryption type. Then I did a passwd on
my username, changed it to an extended (10 char) password and tried to log in.
I only entered the first 8 chars and still got the same thing as I would get
with crypt.

Reid Sutherland
Network Administrator
ISYS Technology Inc.
Fingerprint: 1683 001F A573 B6DF A074  0C96 DBE0 A070 28BE EEA5

-----Original Message-----
From: Andrew Phillips <atp@mssl.ucl.ac.uk>
To: pam-list@redhat.com <pam-list@redhat.com>
Date: Tuesday, February 23, 1999 10:09 AM
Subject: Re: 8 char max passwd size under RH5.2

>> How do you change the maximum passwd length to something higher than 8?
> This is a limit of the crypt() algorithm.
>    8 characters at 7 bits/character = 56bits. This is the length of
>    the standard DES key.
>    If you want passwords longer than 8 characters, you will need
>    to use a different algorithm. Ones that I know PAM supports are
> MD5 - used on *BSD for example
> bigcrypt - used as part of Digital Enhanced Security.
>    bigcrypt() is backwards compatible with crypt(), in that in the case
>    of 8 character or less passwords, the resulting encrypted password is
>    identical to that returned by crypt(). Longer than 8 characters lead
>    to extension blocks.
> To enable bigcrypt, add the flag "bigcrypt" to your pam.d files.
>auth       required     /lib/security/pam_securetty.so
>auth       required     /lib/security/pam_pwdb.so bigcrypt nullok
>auth       required     /lib/security/pam_nologin.so
>account    required     /lib/security/pam_pwdb.so
>password   required     /lib/security/pam_cracklib.so
>password   required     /lib/security/pam_pwdb.so bigcrypt nullok
>session    required     /lib/security/pam_pwdb.so
> Notes:
> 1) This has been in place since at least RedHat 5.1
> 2) This was developed expressly for interworking Digital UNIX
>    and RedHat linux. There may be bugs when using it "standalone"
>    If so - please contact me and I'll try and fix them.
> 3) If you are unsure about this, use MD5.
> 4) If you use SAMBA watch out for long passwords and samba 1.9.18,
>    we have had problems, as samba seems to chop passwords off
>    at about 14 characters. Windows users can log in via telnet but
>    cannot connect to shares using "user level" security.
> Andy
>atp@nojunk-mssl.ucl.ac.uk             |        Dr. Andy Phillips
>phillips@nojnk-isass1.solar.isas.ac.jp| Mullard Space Science Laboratory
>a.phillips@nojunk-ucl.ac.uk           | "It's the late 1990s, This is a
>atp@nojunk-coralcay.demon.co.uk       | protected .sig. You know what to
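
One way to check the situation described in this thread, as an added example that is not part of either message: inspect the stored hash field to see which scheme actually produced it, since a 13-character field means plain crypt() was used and only 8 characters count. The function names and sample shadow lines are constructed for illustration, and the bigcrypt layout (2-character salt plus 11 hash characters per 8-character password segment) is an assumption about the stored format.

```python
import re

B64 = r"[./0-9A-Za-z]"                   # alphabet used by crypt(3) hashes
SEG_PLAIN, SEG_HASH, SALT = 8, 11, 2     # assumed bigcrypt segment layout


def des_key(password: str) -> bytes:
    """Key material traditional crypt() takes from a password: the first
    8 characters, low 7 bits of each, i.e. 8 x 7 = 56 key bits."""
    chars = password.encode("latin-1")[:SEG_PLAIN].ljust(SEG_PLAIN, b"\0")
    return bytes((c & 0x7F) << 1 for c in chars)


def classify(field: str):
    """Return (scheme, significant password chars) for a stored hash field.
    None as the second value means the scheme has no 8-char segment limit."""
    if field.startswith("$1$"):
        return ("md5", None)
    m = re.fullmatch(rf"{B64}{{{SALT}}}((?:{B64}{{{SEG_HASH}}})+)", field)
    if not m:
        return ("unknown", 0)
    segments = len(m.group(1)) // SEG_HASH
    scheme = "crypt" if segments == 1 else "bigcrypt"
    return (scheme, segments * SEG_PLAIN)


def audit(shadow_text: str) -> dict:
    """Map each user in shadow-format text to classify() of its hash field."""
    result = {}
    for line in shadow_text.splitlines():
        user, field = line.split(":")[:2]
        result[user] = classify(field)
    return result


# Constructed sample lines (not real hashes), in /etc/shadow field order.
SAMPLE_SHADOW = "\n".join([
    "alice:abCONSTRUCTED:10645:0:99999:7:::",             # 13 chars
    "bob:cdCONSTRUCTEDconstructed:10645:0:99999:7:::",    # 24 chars
    "carol:$1$salt$CONSTRUCTED:10645:0:99999:7:::",
])

if __name__ == "__main__":
    for user, (scheme, chars) in audit(SAMPLE_SHADOW).items():
        print(f"{user}: {scheme}, significant chars: {chars}")
    # Two 10-character passwords sharing their first 8 give the same key.
    print(des_key("password10") == des_key("password99"))
```

If a password of 10 characters was set after adding the bigcrypt flag and the stored field is still 13 characters long, the password-changing service did not apply bigcrypt when it wrote the hash.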
