From owner-freebsd-stable Thu Mar 2 20: 9:18 2000 Delivered-To: freebsd-stable@freebsd.org Received: from astral.elitenet.com.br (astral.elitenet.com.br [200.223.11.27]) by hub.freebsd.org (Postfix) with ESMTP id 56A4C37B5A0 for ; Thu, 2 Mar 2000 20:09:03 -0800 (PST) (envelope-from duwde@duwde.com.br) Received: from duwde.com.br (dl112216.ssa.zaz.com.br [200.223.112.216]) by astral.elitenet.com.br (8.9.3p/8.9.3/ASTRAL-4.2c) with ESMTP id XAA23804; Thu, 2 Mar 2000 23:20:44 -0300 (EST) Message-ID: <38BF10BF.86D1EA83@duwde.com.br> Date: Thu, 02 Mar 2000 22:09:19 -0300 From: Fabio Dias X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.4-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Gene Harris , freebsd-stable@freebsd.org Subject: Re: Password Length References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Gene Harris wrote: Hi Gene. > I just noticed today that my passwords are only being checked to a length of 8 > characters. (By this I mean that I only have to type in the first 8 > characters of the password. YIKES!) I have minpasswdlen set to 8 in my > login.conf file for the user profile. I have studied the man chpass, man > passwd and man login.conf pages. Is there a setting someplace that extends > the length of the password? This was very unsettling to discover! Aren't you running crypt+DES ? I bet you are :) Passwords (without crypt+DES) can be up to_PASSWORD_LEN - 1 (NULL) == 127 Indeed, when running crypt+DES, If I'm not wrong, what you've described is true. -- /* Fabio Dias / Duwde HP & PGP avaible at http://www.duwde.com.br PGP key (2048 Bits / KeyID 0x6A53EC31) FP: BB35 50F2 7F83 655D 6B11 F0A2 F8E2 FF3D */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message