Date: Fri, 12 Nov 1999 16:15:09 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: "H. Eckert" <ripley@nostromo.in-berlin.de> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Status of Passwords/etc in FreeBSD-stable Message-ID: <Pine.BSF.4.10.9911121606440.32210-100000@hub.freebsd.org> In-Reply-To: <19991112002328.B81323@server.nostromo.in-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Nov 1999, H. Eckert wrote: > Quoting Kris Kennaway (kris@hub.freebsd.org): > > I don't see what you'd need a maximum password length variable for, but > > there is already a minpasswordlen capability. > > Pre-3.x truncated passwords over 8 chars. As 3.x now supports > longer passwords I found I had trouble with Netatalk filesharing, > as the Mac's input field only allows 8 chars. > So it could be useful in a user's environment to restrict the > length so that the users can't set a password that's not going > to work for them anyway... > I have not yet tried whether MacOS 9 changes this behaviour, though... The only thing I can think you might be referring to here is that DES passwords, by design, are limited to 8 characters. Extra characters beyond 8 are silently ignored (e.g. you can type as much as you want, as long as the first 8 are correct). MD5 passwords, on the other hand, have essentially infinite length and have been supported by FreeBSD since at least 2.0. Probably you switched from DES to MD5 passwords when you upgraded. Having said that, your netatalk example shows there's at least some need for it - it would be a fairly simple matter to copy the minpasswordlen code. If you submit the patch I'll try and get it committed. Kris ---- Cthulhu for President! For when you're tired of choosing the _lesser_ of two evils.. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911121606440.32210-100000>