[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Why is passwd truncating passwords



another thing that may help even thought the file comments say that is ignored if using md5 or blowfish is

pc> cat /etc/login.defs | grep PASS_MAX_LEN

PASS_MAX_LEN    255

The comments for this setting say

#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# Ignored if the "md5" or "blowfish" option is given to the
# pam_pwcheck module.
#

but it may be worth a try if everything else fails.

Arjen Runsink wrote:
Hi all,

This must be a bug in passwd.

On Friday 14 May 2004 22:56, Jose J. Cintron wrote:

i'm running 8.2.  try using md5 too see if it's a bug in the blowfish

password:       blowfish nullok
Manual says it will truncate at 97 or so chars.

72 I just reread


It truncates with DES, MD5 and blowfish
When using yast to modify a user password +8 long pws work.

Explicitely setting an allowable password length seems to work however.

# cat pam_pwcheck.conf | grep maxlen
password:       minlen=6 maxlen=16 cracklib md5 nullok


--

+------------------------------------------
| José J. Cintrón - <jcintron@xxxxxxxxx>
|
| MITRE Corporation
| 7515 Colshire Drive
| Mail Stop W424
| McLean, VA  22102-7508
|
| Phone: 703.883.3040
| Fax: 703.883.1397
+------------------------------------------


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here