On Wed Dec 05, 2001 at 02:29:29PM -0600, Vox wrote: > > PAM in 8.1 isnt set to use MD5, therefore users can have passwords >8chars > > but u can login using only the 1st 8. > > Mmmm...I just tried this...I have a 14char password and tried > logging in at a console with just the first 8, 9, 10, 11, 12 and 13 > chars...none of them worked. Had to use all 14 chars to log in. And > I have mdk8.1 with pam-0.75-7mdk and I have *not* changed the line > you mentioned...this is my file, just as it came from the pam > package: > > #%PAM-1.0 > auth required /lib/security/pam_pwdb.so shadow nullok > account required /lib/security/pam_pwdb.so > password required /lib/security/pam_cracklib.so retry=3 > password required /lib/security/pam_pwdb.so use_authtok nullok > > So...this "bug" you are seeing comes from something else, probably > something you did to your configuration. BTW, security level here > is medium.
No, it looks to me like something changed in the installer. I did some digging last night and none of the passwd packages we've ever shipped include the options "md5" or "shadow" to the pam_pwdb.so module. However, in all versions up to 8.0, this looks to have been appended by DrakX during the installation (probably when it asks if you want md5 and shadow passwords). That made things work properly in previous versions. It doesn't look like this is the case with 8.1 (maybe cooker, haven't checked, but I suspect it's the same). DrakX isn't appending this to the pam_pwdb.so call, so passwd uses normal passwords instead of md5 passwords after the initial install. For example, users defined during the install are fine. Users who post-install change their passwords or new users added to the system don't have md5 passwords, which is why the password, even if it's 50 characters long, will only require the first 8-9 characters (whatever the exact number is). Yes, an update for 8.1's passwd will be out shortly that, by default, adds "shadow md5" to the pam_pwdb.so module. -- OpenPGP key available on www.keyserver.net 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.8-34.1mdk uptime: 17 days 21 hours 46 minutes.
msg48929/pgp00000.pgp
Description: PGP signature