----- Original Message ----- From: "Ruben Porras" <[EMAIL PROTECTED]> To: <debian-security@lists.debian.org> Sent: Friday, December 05, 2003 12:21 AM Subject: Re: extrange passwd behaviour
El jue, 04-12-2003 a las 22:05, Kevin escribió: > > I've discovered that login, sudo, gdm only take care of the first 8 > > characters of the passwd. The following characters don't count. See the > > following example (I've created a new user just to make the test) > > If you are not using md5 passwords will have a max length of 8 > characters. If you're using md5 your pam config for passwd etc should > look something like this: > password required pam_unix.so md5 > And the passwords in the shadow file should start with $1$ The problem was that I was not using md5 passwd. I don't know why /etc/pam.d/passwd was set to allow fall-through to the 'other' service. The debconf configuration of passwd says that md5 should be enabled. I've tried to run dpkg-reconfigure passwd with no effect, but that is another problem and off-topic here. Putting the line by hand works perfectly. Thanks. Hi In Debian default /etc/login.defs # # Number of significant characters in the password for crypt(). # Default is 8, don't change unless your crypt() is better. # If using MD5 in your PAM configuration, set this higher. # PASS_MAX_LEN 8 -- Riku -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
