Mike Dresser wrote: > > On Fri, 30 Nov 2001, Roger Keays wrote: > > > I'm not sure if this is common knowledge or not, but I have just noticed > > the effects of having the first two letters of your password the same as > > the first two in your login name... You can use any extension of your > > password!! > > > > e.g., on my Woody box I added a user called 'ron' and his password was > > 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so > > forth! > > > All the ones you tried are all over 8 letters, I bet? > > My guess is you're using DES. DES only allows up to 8 letter passwords. > Check your /etc/pam.d, look at login and passwd in there > > If you add a md5 at the end of the line that handles passwords, this will > enable md5, which allows longer passwords. This is backwards compatible > in that your existing passwords will still work. Once you change it or > add another user, it will use md5. >
Interesting. I'm running Debian 2.2r2 (dist-upgraded to testing). I selected MD5 for my passwords during installation. However, it seems that it has defaulted my passwords to 8 characters too: >From /etc/pam.d/passwd (login is the same) password required pam_unix.so nullok obscure min=4 max=8 md5 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
