Hi

I have been looking into passwords on my system (6.3). I have been using the same password for root and myself as a user (not good practice, I know). This was OK for me... but now that I have also set up my children as users, I wanted to change my root password to be sure that they could not watch me and gain root access. I discovered something which surprised me. I wanted to keep the new password similar... but different.

E.g. my old passphrase, which I used for root and user brian, was abcdefgh. I changed my root password to abcdefghxy.

However, I was still able to log in as root using abcdefgh AND abcdefghxy.

How can this happen? I have now changed it to abcdejkl and now have proper access restored.

(These examples are for illustration purposes only, and bear no resemblance to the actual passwords.)

Regards
Brian

----------------------------------
E-Mail: Brian Galbraith <brian.galbraith@bigfoot.com>
Date: 30-Jan-2000
Time: 15:23:22

Default Key 0x63EBA765 (DH/DSA)
PGP Keys from http://math-www.uni-paderborn.de/pgp/

This message was sent by XFMail 1.4.4
----------------------------------

At 15:30 30.01.00 +0000, Brian Galbraith wrote:
> Hi I have been looking into passwords on my system (6.3). I have been using the same password for root and myself as a user (not good practice, I know). This was OK for me... but now that I have also set up my children as users, I wanted to change my root password to be sure that they could not watch me and gain root access. I discovered something which surprised me. I wanted to keep the new password similar... but different.
> E.g. my old passphrase, which I used for root and user brian, was abcdefgh. I changed my root password to abcdefghxy.
> However, I was still able to log in as root using abcdefgh AND abcdefghxy.
> How can this happen? I have now changed it to abcdejkl and now have proper access restored.

Passwords can have a maximum of 8 characters; each additional character is ignored!

--
and goodbye
Hans Klein
http://www.net-con.net

On Sun, Jan 30, 2000 at 03:30:55PM -0000, Brian Galbraith wrote:
> abcdefgh. I changed my root password to abcdefghxy.
> However, I was still able to log in as root using abcdefgh AND abcdefghxy.
> How can this happen? I have now changed it to abcdejkl and now have proper access restored.

The first eight characters are the same. Passwd only uses up to eight characters. Unfortunately the man page only suggests to use passwords with six to eight characters, but does not tell you that there is a limit.

Karl Heinz

--
Karl Heinz Kremer
khk@khk.net
http://www.khk.net
ICQ: 41190739
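
The check below is an added example, not part of any message in this thread: it classifies the hash field of shadow-style entries and reports accounts whose scheme cannot distinguish abcdefgh from abcdefghxy. It assumes the limit described in the replies is that of traditional DES-based crypt(3); the function names are hypothetical and the sample entries are constructed placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3) field: 2 salt chars + 11 hash chars, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# (prefix, scheme, bytes of the password that influence the hash; None = all)
MODULAR = [("$1$", "md5crypt", None), ("$5$", "sha256crypt", None),
           ("$6$", "sha512crypt", None), ("$2a$", "bcrypt", 72),
           ("$2b$", "bcrypt", 72), ("$2y$", "bcrypt", 72)]

def classify(hash_field):
    """Return (scheme, significant_bytes) for the second field of a shadow line."""
    if DES_RE.match(hash_field):
        return ("des-crypt", 8)
    for prefix, scheme, limit in MODULAR:
        if hash_field.startswith(prefix):
            return (scheme, limit)
    return ("locked-or-unknown", None)

def significant(password, hash_field):
    """The part of the password that the scheme behind hash_field actually hashes."""
    scheme, limit = classify(hash_field)
    raw = password.encode("utf-8")
    if limit is not None:
        raw = raw[:limit]
    if scheme == "des-crypt":
        raw = bytes(b & 0x7F for b in raw)  # DES crypt keeps only the low 7 bits per byte
    return raw

def same_login(pw_a, pw_b, hash_field):
    """True when the scheme cannot tell the two passwords apart."""
    return significant(pw_a, hash_field) == significant(pw_b, hash_field)

def audit(shadow_text):
    """Names of accounts whose stored hash ignores everything past 8 characters."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and classify(fields[1]) == ("des-crypt", 8):
            flagged.append(fields[0])
    return flagged

# Constructed sample: the hash fields are placeholders with the right shape, not real hashes.
SAMPLE_SHADOW = "\n".join([
    "root:ab01234567./A:10986:0:99999:7:::",
    "brian:$1$examples$" + "A" * 22 + ":10986:0:99999:7:::",
    "kid:!:10986:0:99999:7:::",
])

if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW))
    print(same_login("abcdefgh", "abcdefghxy", "ab01234567./A"))
```

Accounts reported by `audit` need their password set again after the system is switched to a scheme without the 8-character limit, since the stored hash only changes when the password is set.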