Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Help! Old passwords still work in Solaris 10

3 views
Skip to first unread message

Ryan Hard

unread,
Jan 30, 2010, 5:44:35 AM1/30/10
to
Our servers only use the standard /etc/passwd, no LDAP or anything and
I recently used passwd to change the user and root passwords on two
boxes(one is a mostly identical failover). I happened to notice that,
in addition to the new one, all the old passwords still work even from
before I got here so I have to assume this has always been going on.
Any ideas why this would happen?

Ryan Hard

unread,
Jan 30, 2010, 7:17:12 AM1/30/10
to
Nevermind I figured it out. Was using old-school crypt which only
recognizes the first 8 characters in a pass while the rest is
truncated.

hume.sp...@bofh.ca

unread,
Jan 30, 2010, 9:51:06 AM1/30/10
to
Ryan Hard <ryan....@gmail.com> wrote:
> Nevermind I figured it out. Was using old-school crypt which only
> recognizes the first 8 characters in a pass while the rest is

That implies that the first eight characters of all your passwords were the
same. I hope that doesn't mean that your passwords are of the form
"password01", "password02", and so on.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/

Ryan Hard

unread,
Jan 31, 2010, 4:30:09 AM1/31/10
to
On Jan 30, 5:51 pm, hume.spamfil...@bofh.ca wrote:

Well yes but they're only accessible locally(like, the same room
locally) in a controlled building in a controlled area and the
passwords are really just for show. If someone has physical access who
shouldn't, we've got way more to worry about.

hume.sp...@bofh.ca

unread,
Jan 31, 2010, 8:26:57 PM1/31/10
to
Ryan Hard <ryan....@gmail.com> wrote:
> Well yes but they're only accessible locally(like, the same room
> locally) in a controlled building in a controlled area and the
> passwords are really just for show. If someone has physical access who

Okay, your original post made it sound like the passwords being worthless
was actually a concern.

Glad to hear these aren't on the network, however. I hope that bad practice
doesn't extend to anything that actually is. (In my experience, it usually
does...)

ChrisS

unread,
Feb 6, 2010, 11:51:52 AM2/6/10
to
On Jan 31, 8:26 pm, hume.spamfil...@bofh.ca wrote:

It's a mystery to me why Sun was (and still is) shipping Solaris with
a default __UNIX__ in the security policy. Why not ship with at least
option "1". I know in recent releases doing this for root's password
broke SMC, but I'm not sure if that's still the case since I don't use
SMC by default. Many new (and even experienced Sol admins) don't know
this simple change needs to happen.

Richard B. Gilbert

unread,
Feb 6, 2010, 3:39:28 PM2/6/10
to

This __UNIX__ is something I do not recall from school.

What is it, where is it and what SHOULD it be?

Chris Ridd

unread,
Feb 6, 2010, 3:52:11 PM2/6/10
to
On 2010-02-06 20:39:28 +0000, Richard B. Gilbert said:

> This __UNIX__ is something I do not recall from school.
>
> What is it, where is it and what SHOULD it be?

See the manpage for crypt.conf, also the comments in /etc/security/crypt.conf.
--
Chris

Richard B. Gilbert

unread,
Feb 6, 2010, 4:17:50 PM2/6/10
to

Thanks. It's not in Solaris 8 which was current when I went to school
for it.

Chris Ridd

unread,
Feb 6, 2010, 4:56:52 PM2/6/10
to

A quick google suggests it arrived in one of the "mid to late" Solaris
9 updates.
--
Chris

Casper H.S. Dik

unread,
Feb 6, 2010, 5:29:45 PM2/6/10
to
Chris Ridd <chri...@mac.com> writes:

>A quick google suggests it arrived in one of the "mid to late" Solaris
>9 updates.


Solaris 9 update 2.

Casper

0 new messages