From owner-freebsd-questions Mon Apr 3 22:26:29 2000
Date: Tue, 4 Apr 2000 01:26:07 -0400
From: Ray Kohler
To: Bhishan Hemrajani
Cc: freebsd-questions@freebsd.org
Subject: Re: only 8 chars of password needed to login
Message-ID: <20000404012607.A623@rjk191.rh.psu.edu>
Reply-To: rjk191@psu.edu
References: <200004040448.e344mDn01205@cytosine.dhs.org>
In-Reply-To: <200004040448.e344mDn01205@cytosine.dhs.org>; from bhishan@cytosine.dhs.org on Mon, Apr 03, 2000 at 09:48:13PM -0700

On Mon, Apr 03, 2000 at 09:48:13PM -0700, Bhishan Hemrajani wrote:
> I have a problem with user's passwords on my
> system. I'm not sure if it is an error in my
> setting up FreeBSD, or a security hole.
>
> What happens is, I set a password for a user
> that is 10chars long. But, when I login, I can
> just enter 8chars and anything after that, or just
> the 8chars and it will let me log in.

The reason for this is that you are using DES passwords. The 8
character limit is a function of that system. If you want to fix it, do
this:

Use vipw (as root) to open /etc/passwd. For each account that you want
to fix, add the string "$1$" to the beginning of the encrypted password
string. Quit vipw, and then run passwd to set the right password for
each user you changed.

The reason this works is that the crypt library searches for the string
"$1$" at the beginning of the password to figure out if it is md5. Once
you put it there once, the system will preserve it, thus allowing you to
use md5 passwords (which can be longer than 8 characters).

-- 
Ray Kohler
When you're not looking at it, this fortune is written in FORTRAN.
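
Added example, not part of the original message: a shell audit that applies the prefix test described above ("$1$" at the start of the hash field means md5) to a passwd-style file and lists the accounts still on DES hashes. The function names, the sample accounts and the hash strings are constructed for illustration; it assumes the hash is the second colon-separated field and treats a 13-character string with no "$" prefix as a traditional DES hash.

```shell
#!/bin/sh
# classify_hashes FILE -> prints "user scheme" for every account line.
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }                  # skip comments and malformed lines
        {
            h = $2
            if (h == "")                        s = "empty"
            else if (h ~ /^[*!]/)               s = "locked"
            else if (substr(h, 1, 3) == "$1$")  s = "md5"    # the marker crypt looks for
            else if (substr(h, 1, 1) == "$")    s = "other"  # some other tagged scheme
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$") s = "des"
            else                                s = "unknown"
            print $1, s
        }' "$1"
}

# des_accounts FILE -> names of accounts whose password is only checked
# up to 8 characters (hash field is in the traditional DES format).
des_accounts() {
    classify_hashes "$1" | awk '$2 == "des" { print $1 }'
}

# write_sample FILE -> constructed sample data; these hashes are not real.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real system
root:$1$saltsalt$CONSTRUCTEDCONSTRUCTED:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:abCONSTRUCTED:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$1$saltsalt$CONSTRUCTEDCONSTRUCTED:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:cdCONSTRUCTED:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

sample=$(mktemp)
write_sample "$sample"
classify_hashes "$sample"
echo "Accounts still on DES hashes:"
des_accounts "$sample"
rm -f "$sample"
```

Run `des_accounts` against the file vipw edits to list the accounts that still need the change described in the message.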