Hi,

I want to ask how it is possible to login to my user account with only half of the password or the whole password. Root account does not allow this.

My password is 16 symbols long but somehow I only need to type the first 8 of them. Root pass is 15 symbols and all are required to login.

In /etc/shadow root pass is encrypted with this Vrx$71XzduMSQWtoNPTr2Qoqh591NtyAe91DUOI8twQq.p9

and my pass with this
qa0mmfGrSWyEc

Is that the problem? How can I fix that?

Distro is Slackware64 14.1

Thanks for your time

Check you /etc/login.defs file. What is ENCRYPT_METHOD set to?

Looks like your user is using a DES encrypted password (lack of a $id$ prefix is the clue), which would explain why only 8 chars are being treated as significant. I don't even recognise the encoding on your root user, normally I'd expect to see password strings starting with "$5$" on a default Slackware 14.1 as it uses SHA256 encryption as shipped.

If your login.defs file is correct(ed), you should be able to fix the passwords by simply running the passwd command to change them again (you can specify the same password string as you used previously - though now you've posted the encrypted strings for the world to see, that's probably not a good idea ).

Hello.

In the case of DES, the key (that is, password) used to create the encrypted password uses the lowest 7 bits of the first 8 characters, for a 56-bit key. Check that ENCRYPT_METHOD in /etc/login.defs is set to MD5, SHA256 (this is what it should be set to by default on Slackware 14.1; your case is unusual, is this an install you've upgraded repeatedly?) or SHA512. For these, the entirety of the key is significant. Once you've confirmed this, change your password.

HTH :-)

You really think I posted them without some minor changes here and there? Think again

I've never touched login.defs before.

from /etc/login.defs

ENCRYPT_METHOD SHA256


It is a clean install after the hard drive broke and was replaced.

Is it possible to have 2 encryption methods for different users? Root pass do have $id$ at the beginning while my user do not.

That's very odd. Changing your password should fix your immediate problem, but you should consider performing an audit to ensure these issues aren't due to any malicious activity.

cannot confirm this to my slack64 14.1 - cannot login to user with 8 symb instead of full 10 symbols password, and also in sjhadows user password starts with $5$...

What can I do to check that? I need to know if this computer is clean for it is my office workstation.

Yes. The purpose of the $id$ field is to allow different users to use different password encryption methods. Generally, all users will use the same method, however, if the administrator (or shadow-utils) changed the default encryption method, you would still want to be able to log in; and for a time, some users would be using the new encryption method, while others used the old.

I am the administrator and I didn't do anything like this.

That was a hypothetical scenario explaining why $id$ exists and that yes, you can have different methods for different users.

:^)

Right, I just wanted to clarify that no one else is configuring my machine but myself. At least not legally.

I changed the password and now it looks properly encrypted. What do you suggest I do next?

Check your logs, disable unnecessary services, verify the integrity of the services you are running, check that your bootscript have not been tampered with, check for any setuid executables that shouldn't be.

look there:
http://slackbuilds.org/result/?search=intrusion&sv=14.1

http://www.alienvault.com/blogs/secu...quick-overview