Mailinglist Archive: opensuse-security (465 mails)

Re: initial substring matches passwd when su'ing to root
  • From: Johannes Geiger <geiger@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 17 Dec 2001 10:07:00 +0100
  • Message-id: <20011217100700.A680@xxxxxxxxxxxxxxxxx>
Hi,

On Mon, Dec 17, 2001 at 03:59:15AM -0500, Corvin Russell wrote:
> On Mon, Dec 17, 2001 at 09:34:54AM +0100, Peer Stefan wrote:
> >
> > If you want to enable longer passwords (more than 8 characters) you have to
> > edit /etc/login.defs.
> > There should be an entry
> > PASS_MIN_LEN 5
> > and another one
> > PASS_MAX_LEN 8
> > which means, any password with 5 or more characters is ok and only the
> > first 8 characters are passed to crypt(). You can set the PASS_MAX_LEN to
> > any value up to 255.
> > An easier way to achieve this is to use the harden_suse script, which asks
> > you about the length of passwords.
>
> Thanks for the reply. This is the value in my /etc/login.defs:
>
> PASS_MAX_LEN "40"

Sorry, but the only answer here is RTFM

man login.defs:
...
PASS_MAX_LEN (number)
Number of significant characters in the password
for crypt(). Default is 8, don't change unless
your crypt() is better. This option is ignored if
the "md5" option is given to the pam_pwcheck module.
...

man crypt:
...
By taking the lowest 7 bit of each character of the key, a
56-bit key is obtained. This 56-bit key is used to
...

and 56/7 equals 8.

less /usr/share/doc/packages/pam/README.md5

MD5 passwords on SuSE Linux
===========================

SuSE Linux is able to handle MD5 passwords. With MD5 encryption,
passwords can be longer than 8 characters (up to 128 characters).
Since MD5 encryption is not compatible with the standard Unix crypt()
function, most commercial Unices and some programs don't work
with MD5 passwords. So be careful, if you enable this feature.

HTH

Johannes
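
Added example, not part of the original message: a Python sketch of the key derivation quoted from man crypt above, plus an audit helper that flags shadow entries still stored as traditional DES crypt hashes. The function names and the sample shadow lines are constructed for illustration; the hash strings are placeholders, not real hashes.

```python
import re

# Traditional DES crypt(3) field: 2 salt chars + 11 hash chars, no "$" prefix.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample in /etc/shadow layout (placeholder hash values).
SAMPLE_SHADOW = """\
root:abCdEfGhIjKlM:11673:0:99999:7:::
alice:$1$saltsalt$PLACEHOLDERPLACEHOLDER:11673:0:99999:7:::
daemon:*:11673:0:99999:7:::
bob:xyZ0123456789:11673:0:99999:7:::
"""

def des_key(password: str) -> int:
    """56-bit key material: lowest 7 bits of each of the first 8 bytes.

    Shorter passwords are zero-padded; bytes past the eighth never reach DES.
    This models the key input only, it does not compute the crypt() hash.
    """
    data = password.encode("utf-8")[:8].ljust(8, b"\0")
    key = 0
    for byte in data:
        key = (key << 7) | (byte & 0x7F)
    return key

def scheme(hash_field: str) -> str:
    """Classify the password field of a shadow entry."""
    if hash_field == "" or hash_field[0] in "!*":
        return "locked-or-empty"
    if hash_field.startswith("$1$"):
        return "md5"
    if DES_RE.match(hash_field):
        return "des"
    return "other"

def truncating_accounts(shadow_text: str) -> list:
    """Users whose stored hash is DES crypt, i.e. only 8 characters count."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and scheme(fields[1]) == "des":
            flagged.append(fields[0])
    return flagged

if __name__ == "__main__":
    # Same first 8 characters -> same key, which is why a prefix is accepted.
    print(des_key("correcthorse") == des_key("correcth"))
    print(truncating_accounts(SAMPLE_SHADOW))
```

Accounts it flags keep the 8-character limit until their password is set again under the MD5 scheme, since changing the configuration does not rewrite stored hashes.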
