From owner-freebsd-security Sat Apr 10 5:56:30 1999 Delivered-To: freebsd-security@freebsd.org Received: from ppc1.cybertime.ch (ppc1.cybertime.ch [194.191.120.136]) by hub.freebsd.org (Postfix) with ESMTP id 676D914C45 for ; Sat, 10 Apr 1999 05:56:25 -0700 (PDT) (envelope-from pajarola@cybertime.ch) Received: from tiamat.dlc.cybertime.ch (tiamat.dlc.cybertime.ch [194.191.120.143]) by ppc1.cybertime.ch (8.9.2/8.9.2) with SMTP id OAA60354; Sat, 10 Apr 1999 14:54:01 +0200 Message-Id: <3.0.32.19990410144655.00b84ba0@shrike.overmind.ch> X-Sender: pajarola@shrike.overmind.ch X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Sat, 10 Apr 1999 14:53:50 +0200 To: security@FreeBSD.ORG From: Rico Pajarola Subject: Re: FreeBSD 2.2.8 and DES (again) Cc: Lauro Barbosa Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Tested that on several machines (DES as well as non-DES), 2.2.6, 3.1 and current, and none of them shows this behaviour Only when when the normal username is exactly 8 characters long (or 16 on 3.x and current), it ignores *any* excess characters... eg on current, I have a user called testtesttesttest (16 characters), and I can login as 'testtesttesttest' or as user 'testtesttesttest.' or as user 'testtesttesttestXXXXXXXXXX'. At least OpenBSD 2.3 and AIX4 do this, too. RH Linux 5.2 and SunOS 5.6 don't (or they have much larger username limits, I don't know). Rico >Hello Again! > Please, I need help. > I have a server with FreeBSD 2.2.8 and DES instaled. > In this server the users can to login using login_name or >login_name. >(whit dot at end). for example: john or john. > Anybody know this problem ? > How can to correct this ? > Sorry my poor english. > Thanks, > Lauro. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message