Re: crypt passwd length problems in 7.1 -> 7.2 upgrade

["Walter R. Worth" <wworth prodigy net>]

On Monday, November 26, 2001 3:36 PM, "Greg Ryan" <gregr cs usyd edu au> wrote:

> After doing both an upgrade from RH 7.1 -> RH 7.2, and a from scratch
> install of RH 7.2 I have found that the behaviour of authentication
> against crypt passwd/shadow files has changed.
>
> Under RH 7.1 and previous, if a password of more than 8 characters was
> set, one can log in by entering the full (>8 character) password. Under
> RH 7.2, if a password of more than 8 characters is set, one must log
> in with exactly the first 8 characters of the password, and no more,
> otherwise login is denied.
>
> What has changed, and why?
>
>
The problem with the passwords is only a problem because you may be   using other machines that don't support MD5 passwords.
Traditionally, UNIX
operating systems only accepted a maximum of 8 characters for the
password, which was passed to the crypt(3) function.

Something changed in RedHat 7.2 (maybe earlier, since this hasn't come up until now) so that even if you are just using crypt and
have disabled MD5 passwords, the "gobblegook" characters are recognized and your
password is invalidated. I tried to determine if this was a PAM module
feature, or part of RedHat. I wasn't able to find something in the PAM
module documentation to say it's a PAM thing. I use PAM at home and
characters above 8 are ignored. If you do activate MD5 password
support (the default, it appears), then RedHat uses crypt(3) for
passwords <= 8 characters and md5(3) for passwords > 8 characters.

Those two changes (checking for extra characters even when MD5 is
disabled and mixing crypt with MD5 passwords) makes global password
administration difficult since other unices only support crypt and 8
character passwords. :-)

Walter
wworth prodigy net