Why can't one increase the password length ? I've changed the password length to 15 and encryption method from DES to MD5 due to DES length limitations but when I create an user the password is truncated is still truncadet to 8 chars ! What am i missing here ? Miguel Albuquerque Network Administrator DISCLAIMER - This message is intended for the use of the named person only. The information contained in this E-mail is confidential and any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited. This message does not represent a formal commitment by Codalis SA. Codalis SA is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
On 16.10.2006 13:25, Miguel ALBUQUERQUE wrote:
Why can't one increase the password length ? I've changed the password length to 15 and encryption method from DES to MD5 due to DES length limitations but when I create an user the password is truncated is still truncadet to 8 chars !
What am i missing here ?
Use blowfish as hashing algorithm. -- Blade hails you... My tale is the most bitter truth: Time pays us but with earth and dust, and a dark, silent grave. Remember, my child: Without innocence the cross is only iron, hope is only an illusion and Ocean Soul's nothing but a name... The Child bless thee and keep thee forever! --Nightwish
Hi, I do not know what version of SuSE you use. But since 9.2 I have systems running with blowfish encryption and the root passwd on my systems is always 25 chars. And I had no problem so far. Regards, Pedro --- Miguel ALBUQUERQUE <miguel.albuquerque@codalis.ch> wrote:
Why can't one increase the password length ? I've changed the password length to 15 and encryption method from DES to MD5 due to DES length limitations but when I create an user the password is truncated is still truncadet to 8 chars !
What am i missing here ?
Miguel Albuquerque Network Administrator
DISCLAIMER - This message is intended for the use of the named person only. The information contained in this E-mail is confidential and any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited. This message does not represent a formal commitment by Codalis SA. Codalis SA is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
<pedrocsort-e@yahoo.com> wrote on 16.10.2006 14:56:37:
Hi,
I do not know what version of SuSE you use. But since 9.2 I have systems running with blowfish encryption and the root passwd on my systems is always 25 chars. And I had no problem so far.
Regards, Pedro
It's really strange, i've checked : /etc/security/pam_pwcheck.conf password: minlen=12 maxlen=20 cracklib blowfish nullok cat /etc/default/passwd : # This file contains some information for # the passwd (1) command and other tools # creating or modifying passwords. # Define default crypt hash # CRYPT={des,md5,blowfish} CRYPT=blowfish In /etc/shadow i am not seeing the '$2a$10$' for users created lately. I added users manually without warnings or error messages, but how can one be sure that the password hasn't being truncated ? How do I know, besides the "magic '$2a$10$'", the encryption method is blowfish ? This is SuSE 10.1 Miguel Albuquerque Network Administrator DISCLAIMER - This message is intended for the use of the named person only. The information contained in this E-mail is confidential and any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited. This message does not represent a formal commitment by Codalis SA. Codalis SA is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
Hi, I also have Suse 10.1 with lattest up-dates. My /etc/security/pam_pwcheck.conf only contains: password nullock and I have no /etc/default/ directory ?!?! Also my /etc/passwd is a plain "normal" passwd file. the /etc/shadow contains the correct Blowfish passwords. Do you have Local authentication on your system or do you use NIS ? Regards, Pedro Coelho --- Miguel ALBUQUERQUE <miguel.albuquerque@codalis.ch> wrote:
<pedrocsort-e@yahoo.com> wrote on 16.10.2006 14:56:37:
Hi,
I do not know what version of SuSE you use. But since 9.2 I have systems running with blowfish encryption and the root passwd on my systems is always 25 chars. And I had no problem so far.
Regards, Pedro
It's really strange, i've checked :
/etc/security/pam_pwcheck.conf password: minlen=12 maxlen=20 cracklib blowfish nullok
cat /etc/default/passwd : # This file contains some information for # the passwd (1) command and other tools # creating or modifying passwords.
# Define default crypt hash # CRYPT={des,md5,blowfish} CRYPT=blowfish
In /etc/shadow i am not seeing the '$2a$10$' for users created lately. I added users manually without warnings or error messages, but how can one be sure that the password hasn't being truncated ? How do I know, besides the "magic '$2a$10$'", the encryption method is blowfish ?
This is SuSE 10.1
Miguel Albuquerque Network Administrator
DISCLAIMER - This message is intended for the use of the named person only. The information contained in this E-mail is confidential and any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited. This message does not represent a formal commitment by Codalis SA. Codalis SA is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
<pedrocsort-e@yahoo.com> wrote on 16.10.2006 17:42:31:
Hi,
I also have Suse 10.1 with lattest up-dates.
My /etc/security/pam_pwcheck.conf only contains:
password nullock
and I have no /etc/default/ directory ?!?! Also my /etc/passwd is a plain "normal" passwd file. the /etc/shadow contains the correct Blowfish passwords.
Do you have Local authentication on your system or do you use NIS ?
I was using LDAP auth. and I kinda figured out that I had concurrent user's db ! Some users where listed in /etc/passwd or /etc/shadow but not all. I think that's my issue. I just need to clean up and set local auth instead of LDAP for all users and modules. I don't have much idea where to look conf files though. Basically, how one changes from LDAP auth to Local ? What are the security implications ? Any hints ? Many thanks Miguel Albuquerque Network Administrator DISCLAIMER - This message is intended for the use of the named person only. The information contained in this E-mail is confidential and any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited. This message does not represent a formal commitment by Codalis SA. Codalis SA is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
participants (3)
-
Boyan Tabakov -
Miguel ALBUQUERQUE -
pedrocsort-e@yahoo.com