max password length issue: md5 + pam_unix

From: Leonardo Canducci (leonardocanducci_at_yahoo.it)
Date: 06/30/05

  • Next message: Rick Pasotto: "xfree86 on km4m-v m/b (s3virge onboard)" 
    Date: Thu, 30 Jun 2005 16:22:18 +0200
To: debian-user <debian-user@lists.debian.org>

    I'm using debian sarge with shadow passwords and md5. The file
    /etc/pam.d/common-password contains a single uncommented line:

    password required pam_unix.so nullok obscure min=6 max=8 md5

    passwd command doesn't let me chose a password shorter than 6
    characthers (fine), but it accepts passwords longer than 8 chars (quite
    strange).
    I doesn't just consider the first 8 chars, but the whole password and
    entries in /etc/shadow change if I choose for example:
    charachter 123456789 ecc.
    passwd1 testpassWORD
    passwd2 testpassFOO

    Can somebody explain me that behaviour?

    thanks 

    -- 
Leonardo Canducci 
GPG Key ID: 429683DA
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Rick Pasotto: "xfree86 on km4m-v m/b (s3virge onboard)"

    Relevant Pages

    • Re: how to change the existing password settings on FC3
      ... atleast 1 alphanumeric character, atleast 1 upper case character and there ... non-alphanumeric chars. ... away with shorter passwords by mixing characters. ... B = passwords from 2 character classes ...
      (Fedora)
    • Re: how to change the existing password settings on FC3
      ... > atleast 1 alphanumeric character, atleast 1 upper case character and ... non-alphanumeric chars. ... away with shorter passwords by mixing characters. ... B = passwords from 2 character classes ...
      (Fedora)
    • Re: MD5 passwords
      ... davros> chars are ever actually used. ... My experience with MD5 passwords is that with MD5, ...
      (comp.os.linux.security)
    • Solaris 8 char password limit
      ... hashing to blowfish in /etc/shadow but I still can get authenticated ... Solaris 9 to have passwords longers than 8 chars (authentication from ...
      (SunManagers)
    • Re: Security level of SET PASS /GENERATE ?
      ... post-it note that is permanently attached to their monitor. ... Complex passwords are more pain than gain. ... "At 31 characters long, my password is all but unhackable." ... her that only the first 32 chars get looked at! ...
      (comp.os.vms)