password bug!
clive keough
Although I've never seen it posted. Is it well known that only the
first 8 characters of the password count on SCO openserver. It doesn't
just occur on one machine or one version here either. I wasn't aware
that this was a problem/bug and I've not seen it written elsewhere.
Thought please.
Clive
-**** Posted from RemarQ, http://www.remarq.com/?b ****-
Real Discussions for Real People
Jean-Pierre Radley
|
| Although I've never seen it posted. Is it well known that only the
| first 8 characters of the password count on SCO openserver. It doesn't
| just occur on one machine or one version here either. I wasn't aware
| that this was a problem/bug and I've not seen it written elsewhere.
|
This may only be the case for tradional or low security models.
See TA 108103.
--
Jean-Pierre Radley <j...@jpr.com> XC/XT Custodian Sysop, CompuServe SCOForum
Kevin W. Reed
longer passwords, some cannot.
clive...@yahoo.com (clive keough) writes:
>Hi,
>
>Although I've never seen it posted. Is it well known that only the
>first 8 characters of the password count on SCO openserver. It doesn't
>just occur on one machine or one version here either. I wasn't aware
>that this was a problem/bug and I've not seen it written elsewhere.
>
>Thought please.
>
>Clive
--
Kevin W. Reed - Voice 602-647-7121 TNET Services - MAILBOT.COM
Bill Walker
> clive...@yahoo.com (clive keough) writes:
This proves little, but costs nothing:
73 de Bill W5GFE
--------------------------------------------------
#!/usr/local/bin/perl
my @list = (
'fuddy',
'fuddy ',
'fuddy s',
'fuddy sn',
'fuddy sna',
'fuddy snar',
'fuddy snark',
'fuddy snark cat',
'fuddy snark cat loaded',
'fuddy snark cat loaded with',
);
printf("%-30s %s %6s %15s\n","plain","salt","length","encryption");
$salt="AB";
foreach my $plaintext ( @list ) {
$cyphertext=crypt($plaintext,$salt);
printf("%-30s %s %6d %15s\n",$plaintext,$salt,length($plaintext),$cyphertext);
}
Kevin Smith
>clive keough averred (on Mon, Apr 12, 1999 at 08:14:05AM -0800):
>|
>| first 8 characters of the password count on SCO openserver. It doesn't
>| just occur on one machine or one version here either. I wasn't aware
>| that this was a problem/bug and I've not seen it written elsewhere.
>|
>
>See TA 108103.
C2 security is a minimum of eight. Don't know the maximum. This is
of interest because it caused a great deal of confusion trying to get
visionfs working. Windoze only sends upto to eight characters of your
password. The result is you can't connect to visionfs if your password
isn't exactly eight characters (with c2 security).
--
Do two rights make | Kevin Smith, ShadeTree Software, Philadelpha, PA, USA
a libertarian | 001-215-487-3811 shady.com,kevin bbs.cpcn.com,sysop
Frederico Fonseca
>Kevin W. Reed <kr...@telesys.tnet.com> wrote:
>> That is true of most Unix platforms. Some can be changed to use
>> longer passwords, some cannot.
>
>> clive...@yahoo.com (clive keough) writes:
>
>>>Hi,
>>>
>>>Although I've never seen it posted. Is it well known that only the
>>>first 8 characters of the password count on SCO openserver. It doesn't
>>>just occur on one machine or one version here either. I wasn't aware
But the password lengh on OpenServer CAN be changed.
Just need to read the online man pages properly.
FF
John DuBois
clive keough <clive...@yahoo.com> wrote:
>Although I've never seen it posted. Is it well known that only the
>first 8 characters of the password count on SCO openserver. It doesn't
>just occur on one machine or one version here either. I wasn't aware
Only the first 8 characters count *by default*. It's easy to change. The part
of a password that is significant is set in "segments" of 8 characters. To
e.g. increase the significant length to 32 characters, do (on a 5.0 system):
usermod -D -x '{passwdSignificantSegments 4}'
MAJOR caveat:
Only the significant part of a password is stored, AND only the significant
part is compared. So, if you have the significant segments set to 1, you may
have users using >8-character passwords; the password routines just ignore the
extra characters. But when you increase the significant segments beyond 1,
suddenly all those users will not be able to log in... because now more than
8 characters of the password they enter are being compared against the 8
characters stored in the password database. I learned this the hard way when
I bumped segments up from 1 to 4 shortly after moving from XENIX to UNIX.
The solution was to put a notice in /etc/issue. These days you'd do better
to put it in BANNER in /etc/default/issue.
John
--
John DuBois spc...@armory.com. KC6QKZ http://www.armory.com./~spcecdt/
Bill Vermillion
John DuBois <spc...@deeptht.armory.com.> wrote:
John just a minor 'nit' here. I hope you don't think I'm too picky.
>MAJOR caveat: Only the significant part of a password is stored,
>AND only the significant part is compared.
Only the significant part of password is used to generate the
encrypted string written to disk, since passwords are not stored.
>I learned this the hard way when I bumped segments up from 1 to 4
>shortly after moving from XENIX to UNIX. The solution was to put
>a notice in /etc/issue. These days you'd do better to put it in
>BANNER in /etc/default/issue.
Now how do you get people to actually READ the banners :-)
--
Bill Vermillion bv @ wjv.com