On two different SuSE machines (7.2 and 7.3), I am having a problem with them authenticating only from the first 8 characters of a password.
Example, password is: ilovemyroot
'ilovemyr' and 'ilovemyr00t' will both pass authentication at console, and in any X applications (i.e. kdesu and kcheckpass)
I have md5 enabled, and have verified the md5 entries in /etc/pam.d/passwd, /etc/pam.d/login, and /etc/pam.d/sshd
Any thoughts? Anyone else with the same issues? I don't know much about pam and how it works.
thanks, michael
Can you please verify that you really have an md5-password? If the crypted password starts with the string $1$, then it's md5. This looks like it's not md5, because the length of the password as stated in /etc/login.defs is ignored for md5.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
On Tue, 26 Feb 2002, Roman Drahtmueller wrote:
Can you please verify that you really have an md5-password? If the crypted password starts with the string $1$, then it's md5. This looks like it's not md5, because the length of the password as stated in /etc/login.defs is ignored for md5.
I found the problem, I did not have a md5 password. I had changed my password with Yast2, but it does not store the password as md5. Changing it again via passwd fixed it. thanks, michael
On Tuesday, 26 February 2002 22:15 michael stone wrote:
I found the problem, I did not have a md5 password. I had changed my password with Yast2, but it does not store the password as md5.
Is there a way to tell Yast2 to generate md5-passwords?
After adding 'md5' to the password-entry in /etc/pam.d/password
I found that yast2 is generating md5-look-alike passwords,
but is using only a two-char seed as opposed to the usual 8-char
seed when using /usr/bin/passwd. So somehow yast2 might
be looking at /etc/pam.d/passwd, but is not implementing
the full PAM-md5 method to generate the passwords (i.e.
yast2 seems to use only the usual crypt-seed of 2 characters long).
Perhaps it might be an idea to have yast2 use full PAM support
with its own PAM-parameter-file like /etc/pam.s/yast2 ?
Greetings
Michael
--
Michael Zimmermann (Vegaa Internet Services)
the full PAM-md5 method to generate the passwords (i.e. yast2 seems to use only the usual crypt-seed of 2 characters long).
Perhaps it might be an idea to have yast2 use full PAM support with its own PAM-parameter-file like /etc/pam.s/yast2 ?
This approach is correct. I have passed it on to our yast2 development team, it's an open bug now. I hope it gets fixed in the future. Thanks for the suggestion and the problem.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
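An added example (not written by any poster in this thread): a small Python check that applies the `$1$` prefix test and the salt-length observation discussed above to shadow-format lines. The sample entries are constructed placeholders, not real hashes, and the function names are made up for this illustration; it covers only the two schemes the thread mentions.

```python
import re

# Traditional DES crypt: 2-char salt + 11-char digest, all from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# md5-crypt: $1$<salt of up to 8 chars>$<22-char digest>.
MD5_RE = re.compile(r"^\$1\$([./0-9A-Za-z]{1,8})\$[./0-9A-Za-z]{22}$")

# Constructed sample in /etc/shadow layout (placeholder strings, not real hashes).
SAMPLE = """\
alice:abCDEFGHIJKLM:11744:0:99999:7:::
bob:$1$saltsalt$ABCDEFGHIJKLMNOPQRSTUV:11744:0:99999:7:::
carol:$1$ab$ABCDEFGHIJKLMNOPQRSTUV:11744:0:99999:7:::
daemon:*:11744:0:99999:7:::
"""

def classify(field):
    """Return (scheme, finding) for the password field of one shadow entry."""
    if not field or field[0] in "!*":
        return ("none", None)        # locked account or no password set
    if DES_RE.match(field):
        return ("des", "only the first 8 password characters are checked")
    m = MD5_RE.match(field)
    if m:
        salt = m.group(1)
        if len(salt) < 8:
            return ("md5", "salt is only %d characters long" % len(salt))
        return ("md5", None)
    return ("other", None)           # scheme outside the scope of this check

def audit(shadow_text):
    """Map user name -> (scheme, finding) for every entry that has a finding."""
    findings = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        scheme, note = classify(parts[1])
        if note:
            findings[parts[0]] = (scheme, note)
    return findings

if __name__ == "__main__":
    for user, (scheme, note) in sorted(audit(SAMPLE).items()):
        print("%-8s %-4s %s" % (user, scheme, note))
```

Run it against a copy of the shadow file after changing passwords with any tool other than passwd, to confirm the stored format is what PAM is configured to produce.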