
TYPO RE: 8 char max passwd size under RH5.2



Sorry, typo below...

scott mann wrote:
> 
> OK. Here's what I did on RedHat 5.2:
> 
> # cat /etc/pam.d/login
> passwd  /lib/security/pam_cracklib.so   minlen=13 retry=3
> passwd  /lib/security/pam_pwdb.so       shadow use_authtok md5
> <other stuff deleted>
> #
> 
> Now, the key is the minlen param on cracklib. Reading the docs,
> minlen is the minimum acceptable password length +1 (so in this
> case it is 14). However the docs go on to talk about *credit, in
> short:
> 
> dcredit=n, max credit for having digits in password. default n=1
> ucredit=n, max credit for having upper case letters in password,
>                 default n=1
> lcredit=n, max credit for having lower case letters in password,
>                 default n=1
> ocredit=n, max credit for having other (non alphanumeric) chars
>                 in password, default n=1
> 
> So, if you have a password which contains lowercase, uppercase, numeric,
> and other then by setting minlen=10, your minimum length pw is 10.
                                   ^^ should be 14
So, 14 - 4 credits = 10
> 
> I tried it and it works. Check it out.
> 
> Scott
> 
> Reid Sutherland wrote:
> >
> > Background info: Test machine, Rh5.2 with Linux 2.2.1, running stock (RH
> > install) version of PAM.
> >
> > I tried using bigcrypt() instead of crypt() and my passwords still only come
> > up as 8 chars. I'm obviously doing something wrong, now the only reason I'm
> > not using MD5 is because I do not want to reenter all the passwords and
> > rebuild the whole bloody system :)
> >
> > Any suggestions on stuff to look for as to why bigcrypt is not working.
> > I modified the following in the /etc/pam.d
> > passwd, login, su to reflect the new encryption type. Then I did a passwd on
> > my username, changed it to an extended (10 char) password and tried to login.
> > I only enter the first 8 chars and still got the same thing as I would get
> > with crypt.
> >
> > Reid Sutherland
> > Network Administrator
> > ISYS Technology Inc.
> > http://www.isys.ca
> > Fingerprint: 1683 001F A573 B6DF A074  0C96 DBE0 A070 28BE EEA5
> >
> > -----Original Message-----
> > From: Andrew Phillips <atp@mssl.ucl.ac.uk>
> > To: pam-list@redhat.com <pam-list@redhat.com>
> > Date: Tuesday, February 23, 1999 10:09 AM
> > Subject: Re: 8 char max passwd size under RH5.2
> >
> > >Hi,
> > >
> > >> How do you change the maximum passwd length to something higher than 8?
> > >
> > > This is a limit of the crypt() algorithm.
> > >    8 characters at 7 bits/character = 56bits. This is the length of
> > >    the standard DES key.
> > >    If you want passwords longer than 8 characters, you will need
> > >    to use a different algorithm. Ones that I know PAM supports are
> > >
> > > MD5 - used on *BSD for example
> > > bigcrypt - used as part of Digital Enhanced Security.
> > >
> > >    bigcrypt() is backwards compatible with crypt(), in that in the case
> > >    of 8 character or less passwords, the resulting encrypted password is
> > >    identical to that returned by crypt(). Longer than 8 characters lead
> > >    to extension blocks.
> > >
> > > To enable bigcrypt, add the flag "bigcrypt" to your pam.d files.
> > >e.g.
> > >/etc/pam.d/login
> > >#%PAM-1.0
> > >auth       required     /lib/security/pam_securetty.so
> > >auth       required     /lib/security/pam_pwdb.so bigcrypt nullok
> > >auth       required     /lib/security/pam_nologin.so
> > >account    required     /lib/security/pam_pwdb.so
> > >password   required     /lib/security/pam_cracklib.so
> > >password   required     /lib/security/pam_pwdb.so bigcrypt nullok use_authtok
> > >session    required     /lib/security/pam_pwdb.so
> > >
> > > Notes:
> > > 1) This has been in place since at least RedHat 5.1
> > > 2) This was developed expressly for interworking Digital UNIX
> > >    and RedHat linux. There may be bugs when using it "standalone"
> > >    If so - please contact me and I'll try and fix them.
> > > 3) If you are unsure about this, use MD5.
> > > 4) If you use SAMBA watch out for long passwords and samba 1.9.18,
> > >    we have had problems, as samba seems to chop passwords off
> > >    at about 14 characters. Windows users can log in via telnet but
> > >    cannot connect to shares using "user level" security.
> > >
> > > Andy
> > >
> > >--
> > >atp@nojunk-mssl.ucl.ac.uk             |        Dr. Andy Phillips
> > >phillips@nojnk-isass1.solar.isas.ac.jp| Mullard Space Science Laboratory
> > >a.phillips@nojunk-ucl.ac.uk           | "It's the late 1990s, This is a spam
> > >atp@nojunk-coralcay.demon.co.uk       | protected .sig. You know what to do"
> > >
> > >--
> > >To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null
> > >
> >

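Added example (not part of the original messages, and not pam_cracklib's own code): a Python model of the credit arithmetic in the correction at the top of this message, where each character class present earns up to its credit cap and the earned credits are subtracted from minlen. The function names and sample passwords are constructed, only non-negative credit caps are handled, and the exact boundary check of the RH5.2 module is not modelled.

```python
import string

# Per-class credit caps from the quoted docs; each defaults to 1.
DEFAULT_CREDITS = {"digit": 1, "upper": 1, "lower": 1, "other": 1}
NO_CREDITS = dict.fromkeys(DEFAULT_CREDITS, 0)


def char_class(ch):
    """Map one character to the dcredit/ucredit/lcredit/ocredit class it counts for."""
    if ch in string.digits:
        return "digit"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.ascii_lowercase:
        return "lower"
    return "other"


def earned_credits(password, credits=DEFAULT_CREDITS):
    """Sum, per class, of min(characters present, credit cap). Caps must be >= 0."""
    counts = dict.fromkeys(DEFAULT_CREDITS, 0)
    for ch in password:
        counts[char_class(ch)] += 1
    return sum(min(counts[c], credits.get(c, 0)) for c in counts)


def required_length(password, minlen, credits=DEFAULT_CREDITS):
    """Length this password must reach once its credits are subtracted from minlen."""
    return minlen - earned_credits(password, credits)


def accepted(password, minlen, credits=DEFAULT_CREDITS):
    """True when the password is at least as long as its credit-adjusted minimum."""
    return len(password) >= required_length(password, minlen, credits)


# Constructed sample passwords, checked against minlen=14.
SAMPLES = ["Tr0ub4dor&", "Tr0ub4do&", "troubadors", "troubadorsong"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:18} len={len(pw):2} credits={earned_credits(pw)} "
              f"need={required_length(pw, 14):2} ok={accepted(pw, 14)} "
              f"ok_without_credits={accepted(pw, 14, NO_CREDITS)}")
```

With every credit cap set to 0 the same minlen=14 demands 14 characters from every password, which is the setting to compare against when the intent is a hard length floor.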

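Added example (not from the thread, and not the libc or PAM source): the "8 characters at 7 bits/character = 56 bits" key formation described in the quoted explanation, written out in Python to show which candidate passwords are indistinguishable to traditional crypt(). The sample passwords are constructed, and the 8-byte segment size used for the bigcrypt split is an assumption taken from the crypt() block size, since the thread only says longer passwords lead to extension blocks.

```python
from collections import defaultdict

SEGMENT = 8  # characters consumed by one traditional crypt() call


def des_key_bytes(password: bytes) -> bytes:
    """Key block formed from a password: first 8 bytes, low 7 bits of each.

    Bit 0 of every key byte is the DES parity position and carries no key
    material, so 8 bytes * 7 bits = 56 effective key bits.
    """
    raw = password[:SEGMENT].ljust(SEGMENT, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def same_under_crypt(a: bytes, b: bytes) -> bool:
    """True when two passwords produce the same DES key (same hash for a given salt)."""
    return des_key_bytes(a) == des_key_bytes(b)


def collision_groups(passwords):
    """Group passwords that crypt() cannot tell apart; singletons are dropped."""
    groups = defaultdict(list)
    for pw in passwords:
        groups[des_key_bytes(pw)].append(pw)
    return [g for g in groups.values() if len(g) > 1]


def bigcrypt_segments(password: bytes):
    """Split a long password into 8-byte blocks (assumed extension-block size)."""
    return [password[i:i + SEGMENT] for i in range(0, len(password), SEGMENT)] or [b""]


# Constructed sample input.
SAMPLES = [b"tiger-team-1999", b"tiger-te", b"tiger-tea", b"tiger"]

if __name__ == "__main__":
    for group in collision_groups(SAMPLES):
        print("equivalent under crypt():", group)
    print("high bit ignored:", same_under_crypt(b"\xe1bc", b"abc"))
    print("bigcrypt blocks:", bigcrypt_segments(b"tiger-team-1999"))
```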
