Date:      Tue, 4 Apr 2000 01:26:07 -0400
From:      Ray Kohler <ray@rjk191.rh.psu.edu>
To:        Bhishan Hemrajani <bhishan@cytosine.dhs.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: only 8 chars of password needed to login
Message-ID:  <20000404012607.A623@rjk191.rh.psu.edu>
In-Reply-To: <200004040448.e344mDn01205@cytosine.dhs.org>; from bhishan@cytosine.dhs.org on Mon, Apr 03, 2000 at 09:48:13PM -0700
References:  <200004040448.e344mDn01205@cytosine.dhs.org>

On Mon, Apr 03, 2000 at 09:48:13PM -0700, Bhishan Hemrajani wrote:
> I have a problem with users' passwords on my
> system. I'm not sure if it is an error in my
> setting up FreeBSD, or a security hole.
> 
> What happens is, I set a password for a user
> that is 10 chars long. But, when I login, I can
> just enter 8 chars and anything after that, or just
> the 8 chars and it will let me log in.

The reason for this is that you are using DES passwords. The 8
character limit is a function of that system. If you want to fix it,
do this: Use vipw (as root) to open /etc/passwd. For each account
that you want to fix, add the string "$1$" to the beginning of the
encrypted password string. Quit vipw, and then run passwd to set the
right password for each user you changed. The reason this works is
that the crypt library searches for the string "$1$" at the
beginning of the password to figure out if it is md5. Once you put
it there once, the system will preserve it, thus allowing you to use
md5 passwords (which can be longer than 8 characters).

-- 
Ray Kohler <rjk191@psu.edu>
When you're not looking at it, this fortune is written in FORTRAN.
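
An added example, not part of the original message: a Python illustration of why DES-format entries stop at 8 characters, and a check that lists accounts still on that format. It assumes traditional DES crypt(3) hashes are 13 characters from [./0-9A-Za-z] and that the key comes from the low 7 bits of the first 8 password characters; the function names and sample file contents are constructed for illustration.

```python
import re

# Constructed sample in master.passwd layout; hash strings are made-up placeholders.
SAMPLE = """\
root:$1$abcdefgh$0123456789abcdefghijkl:0:0::0:0:Charlie &:/root:/bin/csh
alice:abJnggxhB/yWI:1001:1001::0:0:Alice:/home/alice:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
"""

# Assumption: a traditional DES crypt(3) entry is 2 salt + 11 hash characters.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def des_key_bytes(password):
    """Key material traditional DES crypt(3) takes from a password:
    the low 7 bits of each of the first 8 bytes, zero-padded to 8 bytes.
    Everything after the 8th byte never reaches the cipher."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def scheme(hash_field):
    """Classify a password field the way the message describes: a leading
    "$1$" marks MD5; a bare 13-character string is traditional DES."""
    if hash_field.startswith("$1$"):
        return "md5"
    if DES_RE.match(hash_field):
        return "des"
    if hash_field == "" or hash_field.startswith("*"):
        return "no-password-or-locked"
    return "other"


def accounts_limited_to_8(passwd_text):
    """Return login names whose entries are DES, i.e. only 8 characters count."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 2:
            continue
        if scheme(fields[1]) == "des":
            names.append(fields[0])
    return names


if __name__ == "__main__":
    print(des_key_bytes("password10") == des_key_bytes("passwordXY"))
    print(accounts_limited_to_8(SAMPLE))
```
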