On two different SuSE machines (7.2 and 7.3), I am having a problem with them authenticating only from the first 8 characters of a password. Example, password is: ilovemyroot 'ilovemyr' and 'ilovemyr00t' will both pass authentication at console, and in any X applications (i.e. kdesu and kcheckpass) I have md5 enabled, and have verified the md5 entries in /etc/pam.d/passwd, /etc/pam.d/login, and /etc/pam.d/sshd Any thoughts? Anyone else with the same issues? I don't know much about pam and how it works. thanks, michael
Can you please verify that you really have an md5-password? If the crypted password starts with the string $1$, then it's md5. This looks like it's not md5, because the length of the password as stated in /etc/login.defs is ignored for md5.
thanks, michael
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At Dienstag, 26. Februar 2002 22:15 michael stone wrote:
I found the problem, I did not have a md5 password. I had changed my password with Yast2, but it does not store the password as md5.
Is there a way to tell Yast2 to generate md5-passwords? After adding 'md5' to the password-entry in /etc/pam.d/password I found that yast2 is generating md5-look-alike passwords, but is using only a two-char seed as apposed to the usual 8-char seed when using /usr/bin/passwd. So somehow yast2 might be looking at /etc/pam.d/passwd, but is not implementing the full PAM-md5 method to generate the passwords (i.e. yast2 seems to use only the usual crypt-seed of 2 characters long). Perhaps it might be an idea to have yast2 use full PAM support with it's own PAM-parameter-file like /etc/pam.s/yast2 ? Greetings Michael - -- Michael Zimmermann (Vegaa Internet Services) <zim@vegaa.de> phone +49 89 6283 7632 hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8fI6q72vu22ltWBERAqF3AJwPU9I46ScVQBBEiEZ8tmn8akh5kQCeIsUZ Sv2ztAj1kUhbThkKfmIpcz0= =G+88 -----END PGP SIGNATURE-----
This approach is correct. I have passed it on to our yast2 development team, it's an open bug now. I hope it gets fixed in the future. Thanks for the suggestion and the problem.
Greetings Michael
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
Can you please verify that you really have an md5-password? If the crypted password starts with the string $1$, then it's md5. This looks like it's not md5, because the length of the password as stated in /etc/login.defs is ignored for md5.
thanks, michael
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At Dienstag, 26. Februar 2002 22:15 michael stone wrote:
I found the problem, I did not have a md5 password. I had changed my password with Yast2, but it does not store the password as md5.
Is there a way to tell Yast2 to generate md5-passwords? After adding 'md5' to the password-entry in /etc/pam.d/password I found that yast2 is generating md5-look-alike passwords, but is using only a two-char seed as apposed to the usual 8-char seed when using /usr/bin/passwd. So somehow yast2 might be looking at /etc/pam.d/passwd, but is not implementing the full PAM-md5 method to generate the passwords (i.e. yast2 seems to use only the usual crypt-seed of 2 characters long). Perhaps it might be an idea to have yast2 use full PAM support with it's own PAM-parameter-file like /etc/pam.s/yast2 ? Greetings Michael - -- Michael Zimmermann (Vegaa Internet Services) <zim@vegaa.de> phone +49 89 6283 7632 hotline +49 163 823 1195 Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8fI6q72vu22ltWBERAqF3AJwPU9I46ScVQBBEiEZ8tmn8akh5kQCeIsUZ Sv2ztAj1kUhbThkKfmIpcz0= =G+88 -----END PGP SIGNATURE-----
This approach is correct. I have passed it on to our yast2 development team, it's an open bug now. I hope it gets fixed in the future. Thanks for the suggestion and the problem.
Greetings Michael
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
participants (3)
-
michael stone
-
Michael Zimmermann
-
Roman Drahtmueller