[SOLVED] Login possible with half of the password in Slack64 14.1
Check your /etc/login.defs file. What is ENCRYPT_METHOD set to?
Looks like your user is using a DES encrypted password (lack of a $id$ prefix is the clue), which would explain why only 8 chars are being treated as significant. I don't even recognise the encoding on your root user, normally I'd expect to see password strings starting with "$5$" on a default Slackware 14.1 as it uses SHA256 encryption as shipped.
If your login.defs file is correct(ed), you should be able to fix the passwords by simply running the passwd command to change them again (you can specify the same password string as you used previously - though now you've posted the encrypted strings for the world to see, that's probably not a good idea).
In the case of DES, the key (that is, password) used to create the encrypted password uses the lowest 7 bits of the first 8 characters, for a 56-bit key. Check that ENCRYPT_METHOD in /etc/login.defs is set to MD5, SHA256 (this is what it should be set to by default on Slackware 14.1; your case is unusual, is this an install you've upgraded repeatedly?) or SHA512. For these, the entirety of the key is significant. Once you've confirmed this, change your password.
Check your /etc/login.defs file. What is ENCRYPT_METHOD set to?
If your login.defs file is correct(ed), you should be able to fix the passwords by simply running the passwd command to change them again (you can specify the same password string as you used previously - though now you've posted the encrypted strings for the world to see, that's probably not a good idea).
You really think I posted them without some minor changes here and there? Think again
That's very odd. Changing your password should fix your immediate problem, but you should consider performing an audit to ensure these issues aren't due to any malicious activity.
Cannot confirm this on my Slack64 14.1 - cannot log in to a user with 8 symbols instead of the full 10-symbol password, and also in shadow the user password starts with $5$...
That's very odd. Changing your password should fix your immediate problem, but you should consider performing an audit to ensure these issues aren't due to any malicious activity.
What can I do to check that? I need to know if this computer is clean for it is my office workstation.
Is it possible to have 2 encryption methods for different users? Root pass does have $id$ at the beginning while my user does not.
Yes. The purpose of the $id$ field is to allow different users to use different password encryption methods. Generally, all users will use the same method, however, if the administrator (or shadow-utils) changed the default encryption method, you would still want to be able to log in; and for a time, some users would be using the new encryption method, while others used the old.
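An added example, not code from any post in this thread: a small audit that reads shadow(5)-style lines, reports the scheme each account's hash uses from its $id$ prefix, and flags prefix-less 13-character DES entries where only the first 8 password characters count. The function names and the sample accounts are hypothetical, and the sample hashes are constructed filler, not real values.

```python
import re

# $id$ prefixes named in the thread; any other id is reported as-is.
SCHEMES = {"1": "MD5", "5": "SHA256", "6": "SHA512"}
# Traditional DES crypt: 2-char salt + 11-char hash, no $id$ prefix.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Return (scheme, only_first_8_chars_count) for a shadow hash field."""
    if field == "":
        return ("empty", False)
    if field[0] in "!*":
        return ("locked", False)
    if field.startswith("$"):
        ident = field.split("$")[1]
        return (SCHEMES.get(ident, "id=" + ident), False)
    if DES_RE.fullmatch(field):
        return ("DES", True)
    return ("unrecognised", False)

def des_key_chars(password):
    """What DES crypt keys on: low 7 bits of the first 8 bytes."""
    return bytes(b & 0x7F for b in password.encode()[:8])

def audit(shadow_text):
    """Return [(user, scheme, truncated)] for each shadow(5)-style line."""
    rows = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0]:
            rows.append((parts[0],) + classify(parts[1]))
    return rows

# Constructed sample, not real hashes: filler characters of the right length.
SAMPLE = "\n".join([
    "root:$5$examplesalt$" + "A" * 43 + ":16000:0:::::",
    "alice:ab" + "B" * 11 + ":16000:0:99999:7:::",
    "daemon:*:9797:0:::::",
])

if __name__ == "__main__":
    for user, scheme, truncated in audit(SAMPLE):
        note = "  <- re-run passwd after fixing ENCRYPT_METHOD" if truncated else ""
        print(f"{user:8} {scheme}{note}")
    # Two passwords sharing their first 8 characters give DES the same key.
    print(des_key_chars("correcthorse") == des_key_chars("correcthXYZ"))
```

To run it against a real system, pass the contents of /etc/shadow (readable by root only) to `audit` in place of `SAMPLE`.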
Yes. The purpose of the $id$ field is to allow different users to use different password encryption methods. Generally, all users will use the same method, however, if the administrator (or shadow-utils) changed the default encryption method, you would still want to be able to log in; and for a time, some users would be using the new encryption method, while others used the old.
I am the administrator and I didn't do anything like this.
Check your logs, disable unnecessary services, verify the integrity of the services you are running, check that your boot scripts have not been tampered with, check for any setuid executables that shouldn't be.