On Monday, 17 December 2001 04:47 you wrote:
Hi all.
By sheer accident I noticed that an initial substring (of 7 characters or longer) of my root password will return a match when I su to root.
Hi there,

One possibility to solve this problem is to use the md5-capability of pam! You have to insert a md5 in some of the conf. files in /etc/pam.d: e.g. in /etc/pam.d/passwd

    #%PAM-1.0
    auth     required /lib/security/pam_unix.so nullok
    account  required /lib/security/pam_unix.so
    password required /lib/security/pam_pwcheck.so nullok md5
    password required /lib/security/pam_unix.so nullok md5 use_first_pass use_authtok
    session  required /lib/security/pam_unix.so

At the moment I don't know where and why you have to insert the md5's, but this is actually what hardensuse does. After inserting the md5's (in passwd, sshd, login etc.) you have to "renew" your passwords with passwd and now the passwords could be longer than 8 characters.

Correct me if I'm wrong but only editing PASS_MIN_LEN and PASS_MAX_LEN isn't enough, crypt() (with passwd) ignores everything more than 8 characters. With md5 a hash of your password is calculated which is passed to crypt().

HTH

------------------
Guido Tschakert
Sys-Ad, SRC
------------------
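Added example, not part of the original mail: a small audit that lists accounts whose stored hash is still traditional DES crypt (and so still has to be renewed with passwd after the PAM change) and flags `password` lines that lack the `md5` option. The function names, the sample shadow and PAM text, and the restriction to `pam_unix.so` and `pam_pwcheck.so` are assumptions made for this illustration.

```python
import re

# Traditional DES crypt(): 2 salt chars + 11 hash chars, only the first
# 8 password characters are used. MD5-crypt hashes start with "$1$".
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MD5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
# Assumption: only the two modules named in the mail take the md5 option.
MD5_MODULES = {"pam_unix.so", "pam_pwcheck.so"}

def classify_hash(field):
    """Classify the second field of a shadow(5)-style line."""
    if field == "" or field[0] in "!*":
        return "locked-or-empty"
    if DES_RE.match(field):
        return "des"
    if MD5_RE.match(field):
        return "md5"
    return "other"

def accounts_needing_reset(shadow_text):
    """Users whose stored hash is still DES, i.e. not yet renewed."""
    stale = []
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 2 and classify_hash(parts[1]) == "des":
            stale.append(parts[0])
    return stale

def password_lines_without_md5(pam_text):
    """Module names on 'password' lines that lack the md5 option."""
    missing = []
    for line in pam_text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "password":
            module = f[2].rsplit("/", 1)[-1]
            if module in MD5_MODULES and "md5" not in f[3:]:
                missing.append(module)
    return missing

# Constructed sample data (placeholder hashes, not real ones).
SAMPLE_SHADOW = """\
root:ab0123456789A:11673:0:99999:7:::
guido:$1$saltsalt$0123456789abcdefghijkl:11673:0:99999:7:::
daemon:*:11000:0:99999:7:::
"""
SAMPLE_PAM = """\
#%PAM-1.0
password required /lib/security/pam_pwcheck.so nullok
password required /lib/security/pam_unix.so nullok md5 use_first_pass use_authtok
"""

if __name__ == "__main__":
    print("still DES:", accounts_needing_reset(SAMPLE_SHADOW))
    print("no md5:", password_lines_without_md5(SAMPLE_PAM))
```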