It is yet unclear what the root cause of this issue is - libpam, crypt, passwd and sudo seem like primary suspects. The 256 character password is hashed to a value which still allows a TTY login to succeed. Also, passwd run by a different user in the context of the affected user (using sudo) still works. So apparently it only breaks for the logged-in user. This may help identify the root cause.
pam_unix(8) (on bionic) states: The maximum length of a password supported by the pam_unix module via the helper binary is PAM_MAX_RESP_SIZE - currently 512 bytes. The rest of the password provided by the conversation function to the module will be ignored. Regarding passwd, I was told this on IRC: passwd uses getpass() to read the password from the user, and testing just getpass() alone shows it will return up to 4095 bytes long (i.e. truncates at that length). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1822736 Title: Passwords longer than 255 characters break authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1822736/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
