On Tue, Nov 24, 2009 at 05:20:58PM +0100, Tom Deblauwe wrote:
> Hello,
>
> I was using a script to set the root password, it just contained this code:
>
> echo "mypassword_\$123" | chpasswd
>
> Now the problem is that now I can login as root with multiple passwords:
>
> mypassword_$
>
> works, and
>
> mypassword_$123
>
> works, and
>
> mypassword_$12345
>
> works. So anything I put after the $ sign is ignored by the login prompt
> it seems, and it allows me access in the console.
>
> Is there another way, or maybe I should just drop the dollar sign
> altogether?
What about 'mypasswor'? (That is: is anything after the 8-th character
ignored)?
But then again, why would anybody use the obsolete DES crypt()?
The man page of chpasswd tells you:
-m, --md5
Use MD5 encryption instead DES when the supplied passwords are not
encrypted.
DES passwords are limited to 8 characters, and the rest are ignored. See
crypt(3).
Wow. chpasswd does not use PAM. Doh. And I actually used it in some of
my scripts :-(
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.co...@xorcom.com
+972-50-7952406 mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir
--
To UNSUBSCRIBE, email to debian-live-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
