Mailinglist Archive: opensuse-security (179 mails)

["Jose J. Cintron" <jcintron@xxxxxxxxx>]

another thing that may help even thought the file comments say that is 
ignored if using md5 or blowfish is

pc> cat /etc/login.defs | grep PASS_MAX_LEN

PASS_MAX_LEN    255

The comments for this setting say

#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# Ignored if the "md5" or "blowfish" option is given to the
# pam_pwcheck module.
#

but it may be worth a try if everything else fails.

Arjen Runsink wrote:
> Hi all,
>
> This must be a bug in passwd.
>
> On Friday 14 May 2004 22:56, Jose J. Cintron wrote:
>
> > i'm running 8.2.  try using md5 too see if it's a bug in the blowfish
> >
> > > > > password:       blowfish nullok
> > > > > Manual says it will truncate at 97 or so chars.
> > >
> > > 72 I just reread
>
>
> It truncates with DES, MD5 and blowfish
> When using yast to modify a user password +8 long pws work.
>
> Explicitely setting an allowable password length seems to work however.
>
> # cat pam_pwcheck.conf | grep maxlen
> password:       minlen=6 maxlen=16 cracklib md5 nullok

--

+------------------------------------------
| José J. Cintrón - <jcintron@xxxxxxxxx>
|
| MITRE Corporation
| 7515 Colshire Drive
| Mail Stop W424
| McLean, VA  22102-7508
|
| Phone: 703.883.3040
| Fax: 703.883.1397
+------------------------------------------