LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-25-2006, 11:34 AM   #1
jordan78
LQ Newbie
 
Registered: Oct 2006
Posts: 6

Rep: Reputation: 0
Angry password 8 char limitation


If I typing the first 8 chars of a the login password I gain access to the system. can someone tell me please where can I disable this option to only allow users to enter the full password.

thanks,
 
Old 10-25-2006, 12:50 PM   #2
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 868

Rep: Reputation: 296Reputation: 296Reputation: 296
Sounds like you might be running an ancient version of the Shadow programs.

Password length is likely set in /etc/login.defs:

Quote:
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# Ignored if MD5_CRYPT_ENAB set to "yes".
#
PASS_MAX_LEN 20
Easiest thing is to update the shadow package using your distro tools. Fallback option is to compile shadow yourself and make sure the right options get set in building and in login.defs. Note that there's a few other login programs around, such as the one that can be built in util-linux, but probably you are not running that.
 
Old 10-25-2006, 02:05 PM   #3
jordan78
LQ Newbie
 
Registered: Oct 2006
Posts: 6

Original Poster
Rep: Reputation: 0
I am running redhat WS 3.0 and shadow-utils-4.0.3-15 which is fairly new. I looked at the /etc/login.defs there was no option for PASS_MAX_LEN.

any other idea. thanks for trying.
 
Old 10-25-2006, 03:19 PM   #4
Jaqui
Member
 
Registered: Jan 2006
Location: Vancouver BC
Distribution: LFS, SLak, Gentoo, Debian
Posts: 291

Rep: Reputation: 36
what authentication method are you using?
if you are networked then the password length is set by the authentication for the domain server, such as NIS authentication.

if the basic authentication then it is a setting in password or shadow utilities.

this is an odd problem, since most distros went to a full 255 character password option after they adopted the 2.4 kernel.
[ Vector and few other small distros have similar issues, Vector doesn't [ at least with the last version I checked ] recognise anything after a space character in a password. ]
 
Old 10-25-2006, 03:41 PM   #5
jordan78
LQ Newbie
 
Registered: Oct 2006
Posts: 6

Original Poster
Rep: Reputation: 0
I am using ldap and samba. but in this case I am simply ssh to the machine as root. so i am doing local authentication. I will take a look at passwd and shadow.

thanks for your reply.
 
Old 10-26-2006, 12:12 PM   #6
jordan78
LQ Newbie
 
Registered: Oct 2006
Posts: 6

Original Poster
Rep: Reputation: 0
the system was using old DES56 hashes (preinstall) instead of MD5 which limits the password to 8 char. changing password renabled the MD5 for longer passwds.

problem solved.

thanks all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
invalid conversion from `const char*' to `char*' deepinlife Programming 22 08-05-2006 10:49 AM
If I get invalid conversion from `const char*' to `char' what should I be lookin for? RHLinuxGUY Programming 5 03-12-2006 10:35 PM
Conversion from char[100] to char* ? zahadumy Programming 2 12-11-2005 09:04 PM
C Problem---convert char to char* totti10 Programming 11 11-06-2004 11:32 AM
invalid conversion from `char' to `const char* bru Programming 6 05-09-2004 03:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration