From owner-freebsd-questions  Thu Mar 19 15:23:53 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA25842
          for freebsd-questions-outgoing; Thu, 19 Mar 1998 15:23:53 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from pop.uniserve.com (pop.uniserve.com [204.244.156.3])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id PAA25454;
          Thu, 19 Mar 1998 15:22:29 -0800 (PST)
          (envelope-from tom@uniserve.com)
Received: from shell.uniserve.com [204.244.186.218] 
	by pop.uniserve.com with smtp (Exim 1.82 #4)
	id 0yFodI-0003Lp-00; Thu, 19 Mar 1998 15:21:56 -0800
Date: Thu, 19 Mar 1998 15:21:54 -0800 (PST)
From: Tom <tom@uniserve.com>
To: Robert Watson <robert@cyrus.watson.org>
cc: Richard Stanaford <richard@cube3.erinet.com>,
        "Randy A. Katz" <randyk@ccsales.com>, questions@FreeBSD.ORG,
        freebsd-stable@FreeBSD.ORG
Subject: Re: Password Characters Not Required???
In-Reply-To: <Pine.BSF.3.96.980319172128.23320A-100000@fledge.watson.org>
Message-ID: <Pine.BSF.3.96.980319151824.21872A-100000@shell.uniserve.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Thu, 19 Mar 1998, Robert Watson wrote:

> On Thu, 19 Mar 1998, Richard Stanaford wrote:
> 
> >   Indeed it is normal.  FreeBSD takes only the first 8 significant
> > characters and then truncates the rest.  This is not FreeBSD specific. 
> > BSDI is the same way, along with Solaris and other flavors of Unix, I
> > believe.   
> 
> However, BSD/OS allows you to modify the max password length for
> userclasses, up to 128 characters I think?  Similarly, the password

  This is for user entry purposes.  FreeBSD has it to.  It has nothing to
do with how many password characters might be significant.

> behavior here is a function of the crypt() used -- with Kerberos, you get
> whatever the Kerberos behavior is -- it certainly has more significant
> characters, however.  I would personally like to see change in behavior
> here, perhaps as a login.conf option similar to BSD/OS.  I don't see one
> in the -stable login.conf man page, however.

  md5 also has more significant characters (16 I believe).  In many ways,
the "secure" (DES) distribution is actually less secure than the default
md5.

>   Robert N Watson 
> 
> Carnegie Mellon University http://www.cmu.edu/
> SafePort Network Services  http://www.safeport.com/
> robert@fledge.watson.org   http://www.watson.org/~robert/

Tom


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message