maybe is because the password only takes the first 8 characters as password by default... the rest is ignored.
Check the file /etc/default/passwd for more info.
I hope it helps
I'm on a default installation of s10 5/08. The only thing I found in /etc/default/passwd is
MAXWEEKS= MINWEEKS= PASSLENGTH=6
I don't understand why you would want to use the first 8 chars and ignore everything after, and still accept the password?
Ok, 6 chars is what's being used by default, sorry.
Change it and match the size you want in your passwords.
PASSLENGTH is for setting the minimum length of the password, not for ignoring the chars past the sixth char... The problem is that if I set a password 'qwerty' I can log in with 'qwertyfdsagfagfdgfds' or 'qwerybvxkrejfdasjkk'... everything like 'qwerty*' is accepted.
The behavior you describe is expected when using the default "crypt_unix" password encryption scheme. This scheme will only encrypt the first eight characters of a password, and thus only the first eight characters need to match when the password is typed in again. It is not a "bug", but a known limitation of the algorithm - it is largely kept around for backward compatibility, and unfortunately is set as the default on Solaris systems when installed.
To resolve this, set your OS to use MD5 or Blowfish algorithms instead of crypt_unix.
This can be changed in the /etc/security/policy.conf file. You can set crypt algorithms to allow, and there is also a setting to deprecate (forbid) the use of the "crypt_unix" algorithm and change the default to a more secure one.
See your "Solaris 10 System Administration Guide: Security Services" for more information.
(Relevant section linked here.)
Seriously a big thanks! I didn't find anything about this particularity after a lot of googling and searching on forums. Wrong key words I guess...
Happy to help!
The irony is that some organizations insist on longer passwords (ten or 13 characters) for accounts, but never realize that only eight characters will be checked, so their "increased security" is just an illusion.
Actually, you can change the default encryption, which, as already noted, is up to 8 characters.
See this link: http://docs.sun.com/app/docs/doc/819-3321/secsystask-42?a=view
1 and 5 are 2 versions of md5, 2a is blowfish.
Using these gives you a password length of 255 characters.
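The two fixes above (the policy.conf change in the earlier answer and the algorithm identifiers in this one) are easy to get half-right: leaving CRYPT_DEFAULT unset keeps crypt_unix as the default, and existing crypt_unix hashes stay truncated to 8 characters until each password is changed. The following is an added audit script, not code from any of the posts or from Solaris itself. It assumes the standard policy.conf keywords (CRYPT_DEFAULT, CRYPT_ALGORITHMS_ALLOW, CRYPT_ALGORITHMS_DEPRECATE, with `__unix__` naming the crypt_unix scheme) and the shadow(4) layout where a crypt_unix hash is a 13-character field with no `$id$` prefix; the policy file contents and shadow lines below are constructed samples, and the hashes in them are placeholders.

```python
"""Audit policy.conf and shadow entries for the crypt_unix 8-character limit.

Added example (not from the thread). Assumes the Solaris policy.conf keywords
CRYPT_DEFAULT / CRYPT_ALGORITHMS_ALLOW / CRYPT_ALGORITHMS_DEPRECATE and the
shadow(4) layout; all sample data below is constructed.
"""

# policy.conf token for the traditional crypt_unix scheme.
CRYPT_UNIX = "__unix__"

# Constructed sample: the shipped-default state described in the thread
# (allow list present, crypt_unix neither deprecated nor replaced as default).
WEAK_POLICY = """\
# /etc/security/policy.conf (constructed sample)
CRYPT_ALGORITHMS_ALLOW=1,2a,5
#CRYPT_ALGORITHMS_DEPRECATE=__unix__
#CRYPT_DEFAULT=__unix__
"""

# Constructed sample after applying the advice in the thread (2a = Blowfish).
FIXED_POLICY = """\
CRYPT_ALGORITHMS_ALLOW=1,2a,5
CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=2a
"""

# Constructed shadow lines; password fields are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$5$saltsalt$PLACEHOLDERHASHPLACEHOLDERHASHPLACEHOLDER:14000::::::
alice:k7x/Q2rSwzmYa:14000::::::
bob:*LK*:14000::::::
carol:$2a$04$PLACEHOLDERHASHPLACEHOLDERHASHPLACEHOLDER:14000::::::
daemon:NP:14000::::::
"""


def parse_policy(text):
    """Parse KEY=VALUE lines, skipping blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_policy(text):
    """Return a list of findings; an empty list means crypt_unix is neither
    the default for new passwords nor allowed to linger on existing ones."""
    settings = parse_policy(text)
    findings = []
    # With CRYPT_DEFAULT absent, the system falls back to crypt_unix.
    default = settings.get("CRYPT_DEFAULT", CRYPT_UNIX)
    if default == CRYPT_UNIX:
        findings.append("CRYPT_DEFAULT is crypt_unix: new passwords are truncated to 8 chars")
    deprecated = _csv(settings.get("CRYPT_ALGORITHMS_DEPRECATE", ""))
    if CRYPT_UNIX not in deprecated:
        findings.append("crypt_unix not deprecated: existing hashes are not upgraded on password change")
    allowed = _csv(settings.get("CRYPT_ALGORITHMS_ALLOW", ""))
    if default != CRYPT_UNIX and allowed and default not in allowed:
        findings.append("CRYPT_DEFAULT=%s is not in CRYPT_ALGORITHMS_ALLOW" % default)
    return findings


def crypt_unix_accounts(shadow_text):
    """Return usernames whose stored hash is still a crypt_unix hash
    (13 characters, no '$id$' prefix). Locked (*LK*), no-password (NP)
    and empty fields are skipped."""
    users = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        name, pw = fields[0], fields[1]
        if not pw or pw.startswith("$") or pw.startswith("*") or pw == "NP":
            continue
        if len(pw) == 13:
            users.append(name)
    return users


if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(label, audit_policy(policy) or ["ok"])
    print("still on crypt_unix:", crypt_unix_accounts(SAMPLE_SHADOW))
```

Run it against the real files (`audit_policy(open('/etc/security/policy.conf').read())`, and the shadow file as root) after changing the policy: the account list is the part people forget, since the policy change only takes effect for a user when that user next sets a password.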
Actually, the "old" algorithm still gives you about 1.677.721.600.000.000 (= 80^8, considering 80 actually typeable characters: a-zA-Z0-9 and the various signs and punctuation) possible passwords.
People who are unable to pick a secure password with 8 chars won't be able to pick one with 12 or 255 chars either. Even the longest password won't protect you from fools using '12345678' or 'password'.
Some social problems simply can't be solved technologically.
Some environments have minimum password lengths > 8, so they would be impacted.