Date: Fri, 20 Mar 1998 13:17:17 +1100 From: Sue Blake <sue2@welearn.com.au> To: Tom <tom@uniserve.com> Cc: Robert Watson <robert@cyrus.watson.org>, Richard Stanaford <richard@cube3.erinet.com>, "Randy A. Katz" <randyk@ccsales.com>, questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: Password Characters Not Required??? Message-ID: <19980320131717.53739@welearn.com.au> In-Reply-To: <Pine.BSF.3.96.980319151824.21872A-100000@shell.uniserve.com>; from Tom on Thu, Mar 19, 1998 at 03:21:54PM -0800 References: <Pine.BSF.3.96.980319172128.23320A-100000@fledge.watson.org> <Pine.BSF.3.96.980319151824.21872A-100000@shell.uniserve.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 19, 1998 at 03:21:54PM -0800, Tom wrote:
>
> On Thu, 19 Mar 1998, Robert Watson wrote:
>
> > On Thu, 19 Mar 1998, Richard Stanaford wrote:
> >
> > > Indeed it is normal. FreeBSD takes only the first 8 significant
> > > characters and then truncates the rest. This is not FreeBSD specific.
> > > BSDI is the same way, along with Solaris and other flavors of Unix, I
> > > believe.
> >
> > However, BSD/OS allows you to modify the max password length for
> > userclasses, up to 128 characters I think? Similarly, the password
>
> This is for user entry purposes. FreeBSD has it to. It has nothing to
> do with how many password characters might be significant.
>
> > behavior here is a function of the crypt() used -- with Kerberos, you get
> > whatever the Kerberos behavior is -- it certainly has more significant
> > characters, however. I would personally like to see change in behavior
> > here, perhaps as a login.conf option similar to BSD/OS. I don't see one
> > in the -stable login.conf man page, however.
>
> md5 also has more significant characters (16 I believe). In many ways,
> the "secure" (DES) distribution is actually less secure than the default
> md5.
I don't understand this stuff, but I did a braindead-newbie installation of
2.2.2 and I use long passwords because I never heard there was a limit of 8.
The long passwords are very real on my system.
My 43 character password doesn't work if I leave characters off the end.
My 89 character password doesn't work if I omit or change the last
character.
Clearly we are seeing some differences here. If there is a password length
limit it should be documented somewhere handy, especially if installation
decisions affect it. I'm keen to see agreement and then a plain English
summary.
--
Regards,
-*Sue*-
find / -name "*.conf" |more
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980320131717.53739>