Re: extrange passwd behaviour

2003-12-07 Thread Lupe Christoph
On Sunday, 2003-12-07 at 00:58:59 +0900, Hideki Yamane wrote:

> > Can't be NIS. NIS will transport any password style faithfully. Of
> > course the master server must support MD5 passwords if you change your
> > password and the passwd command sends an MD5 password to the
> > yppasswordd.
>
> I've heard that non-Linux NIS clients (for example Solaris 8 and
> SFU, Windows Services for Unix) cannot use MD5 passwords for NIS.
> Is that not true?

Can't tell about Windows. But Solaris up to the most recent released
version (Solaris 9) can only use DES passwords. I believe I read that
Solaris 10 will add support for MD5.

FreeBSD supports MD5 passwords. So it's not non-Linux.

Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett   |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: extrange passwd behaviour

2003-12-07 Thread Giacomo Mulas
On Sat, 6 Dec 2003, Hideki Yamane wrote:

> > I was talking about: I don't know why it is the default to use insecure crypt() instead
> > of md5.
> > But I can think of something like compatibility (to what?) :)
>
> to ...maybe NIS?

I use NIS with md5, no compatibility problems at all as long as all
clients support md5 passwords.

Bye
Giacomo

-- 
_

Giacomo Mulas [EMAIL PROTECTED]
_

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_

When the storms are raging around you, stay right where you are
 (Freddy Mercury)
_


Re: extrange passwd behaviour

2003-12-06 Thread Hideki Yamane
Hi,

> I was talking about: I don't know why it is the default to use insecure crypt() instead of
> md5.
> But I can think of something like compatibility (to what?) :)

to ...maybe NIS?

# if the reason why using crypt is NIS compatibility, people
  who use NIS systems are not so many, so I think it's better
  that the default value is md5 than crypt.
   
-- 
Regards,

Hideki Yamane    mailto:henrich @ samba.gr.jp/iijmio-mail.jp





Re: extrange passwd behaviour

2003-12-06 Thread Lupe Christoph
On Friday, 2003-12-05 at 20:39:16 +0100, Bernd Eckenfels wrote:
> In article [EMAIL PROTECTED] you wrote:
> > > Don't know why and for which Debian versions it is the default, I have some mixed
> > > ones.
>
> > Why? Because it uses DES and DES uses 56-bit keys. Eight 7-bit chars
> > give you exactly 56 bits...
>
> *lol*
>
> I was talking about: I don't know why it is the default to use insecure crypt() instead
> of md5.

If you find it funny I misunderstood you ... I don't find it funny I
can't reply to you. Mail to your address bounces. :-P

> But I can think of something like compatibility (to what?) :)

Ever heard about X/Open and their Unix standards? I'd bet they specify
this in exceeding detail.

Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett   |





Re: extrange passwd behaviour

2003-12-06 Thread Lupe Christoph
On Saturday, 2003-12-06 at 17:03:02 +0900, Hideki Yamane wrote:

> > I was talking about: I don't know why it is the default to use insecure crypt() instead
> > of md5.
> > But I can think of something like compatibility (to what?) :)
>
> to ...maybe NIS?
>
> # if the reason why using crypt is NIS compatibility, people
>   who use NIS systems are not so many, so I think it's better
>   that the default value is md5 than crypt.

Can't be NIS. NIS will transport any password style faithfully. Of
course the master server must support MD5 passwords if you change your
password and the passwd command sends an MD5 password to the
yppasswordd.

Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett   |





Re: extrange passwd behaviour

2003-12-06 Thread Hideki Yamane
Hi,

> Can't be NIS. NIS will transport any password style faithfully. Of
> course the master server must support MD5 passwords if you change your
> password and the passwd command sends an MD5 password to the
> yppasswordd.

I've heard that non-Linux NIS clients (for example Solaris 8 and
SFU, Windows Services for Unix) cannot use MD5 passwords for NIS.
Is that not true?

-- 
Regards,

Hideki Yamane    mailto:henrich @ samba.gr.jp/iijmio-mail.jp


Re: extrange passwd behaviour

2003-12-05 Thread Riku Valli

- Original Message - 
From: Ruben Porras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 05, 2003 12:21 AM
Subject: Re: extrange passwd behaviour


On Thu, 04-12-2003 at 22:05, Kevin wrote:
> > I've discovered that login, sudo and gdm only take the first 8
> > characters of the password into account. The following characters don't count. See the
> > following example (I created a new user just to make the test)
>
> If you are not using md5, passwords will have a max length of 8
> characters.  If you're using md5 your PAM config for passwd etc. should
> look something like this:
> password required pam_unix.so md5
> And the passwords in the shadow file should start with $1$

The problem was that I was not using md5 passwd. I don't know why
/etc/pam.d/passwd was set to allow fall-through to the 'other' service.

The debconf configuration of passwd says that md5 should be enabled.
I've tried to run dpkg-reconfigure passwd with no effect, but that is
another problem and off-topic here.

Putting the line by hand works perfectly.

Thanks.

Hi

In the Debian default
/etc/login.defs:

#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# If using MD5 in your PAM configuration, set this higher.
#
PASS_MAX_LEN    8

-- Riku

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: extrange passwd behaviour

2003-12-05 Thread Lupe Christoph
Quoting Bernd Eckenfels [EMAIL PROTECTED]:
> In article [EMAIL PROTECTED] you wrote:
> > I've discovered that login, sudo and gdm only take the first 8
> > characters of the password into account.
>
> Don't know why and for which Debian versions it is the default, I have some mixed
> ones.

Why? Because it uses DES and DES uses 56-bit keys. Eight 7-bit chars
give you exactly 56 bits...

I've always wondered if the high bit does indeed make no difference.
Right now, I have only Solaris to try. ... Nope, the high bit is ignored
on Solaris. I'll have to try this at home tonight with Debian and
FreeBSD.

Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Violence is the resort of the violent Lu Tze |
| Thief of Time, Terry Pratchett   |



This message was sent using IMP, the Internet Messaging Program.




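Lupe's 8 x 7 = 56 bit arithmetic, and the question whether the high bit of a character makes any difference, can be checked directly by reproducing the key-derivation step of traditional DES crypt(3). The block below is an added example written for this page, not code from the thread or from any libc: it models only how crypt turns the password into its 56-bit DES key (the crypt(3) manual's "lowest 7 bits of each of the first eight characters"; FreeBSD's crypt-des.c does `keybuf[i] = *key++ << 1`), not the DES computation or the salt perturbation, so it answers "which passwords does DES crypt treat as the same" without hashing anything. The function names are my own.

```python
# Added example: models the password-to-key step of traditional DES crypt(3).
# It does not compute a DES hash; it shows which password bits reach DES at all.


def des_crypt_key(password: bytes) -> bytes:
    """Return the 8-byte key that DES crypt derives from a password.

    Classic implementations copy at most the first 8 bytes of the password
    and shift each one left by one bit into an 8-bit key byte
    (FreeBSD crypt-des.c: keybuf[i] = *key++ << 1).  The shift discards
    bit 7 of every character, so each character contributes 7 bits and
    the whole key holds 8 * 7 = 56 bits.  Missing characters are zero.
    """
    key = bytearray(8)
    for i, c in enumerate(password[:8]):
        key[i] = (c << 1) & 0xFF      # bit 7 of c is shifted out here
    return bytes(key)


def des_crypt_equivalent(a: bytes, b: bytes) -> bool:
    """True if crypt(3) would hash a and b identically under the same salt.

    Two passwords collide whenever their first 8 characters agree in the
    low 7 bits; nothing past position 8 is ever looked at.
    """
    return des_crypt_key(a) == des_crypt_key(b)


def des_crypt_canonical(password: bytes) -> bytes:
    """Shortest byte string with the same DES-crypt hash as `password`.

    First 8 bytes, high bit cleared, trailing zero bytes dropped: this is
    what an attacker actually has to guess.
    """
    return bytes(c & 0x7F for c in password[:8]).rstrip(b"\x00")


def des_crypt_key_bits(password: bytes) -> int:
    """Password-derived key bits DES crypt uses: 7 per character, 8 max."""
    return 7 * min(len(password), 8)


if __name__ == "__main__":
    # The three strings from Ruben's test session all map to one key.
    for pw in (b"qwertyuiop", b"qwertyui", b"qwertyuivnksshfdd"):
        print(pw, des_crypt_key(pw).hex(), des_crypt_key_bits(pw))
    # A Latin-1 e-acute (0xE9) and ASCII 'i' (0x69) differ only in bit 7,
    # so "caf\xe9" typed on a Latin-1 terminal is the same password as "cafi".
    print(des_crypt_equivalent(b"caf\xe9", b"cafi"))
```

The 8-bit collapse is the answer to the "high bit" question: any character with the high bit set is indistinguishable from its 7-bit counterpart, which also means a password that relies on non-ASCII characters for strength gets none of it under DES crypt.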

Re: extrange passwd behaviour

2003-12-05 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
> > Don't know why and for which Debian versions it is the default, I have some mixed
> > ones.
>
> Why? Because it uses DES and DES uses 56-bit keys. Eight 7-bit chars
> give you exactly 56 bits...

*lol*

I was talking about: I don't know why it is the default to use insecure crypt() instead of
md5.

But I can think of something like compatibility (to what?) :)

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/


extrange passwd behaviour

2003-12-04 Thread Ruben Porras
I've discovered that login, sudo and gdm only take the first 8
characters of the password into account. The following characters don't count. See the
following example (I created a new user just to make the test)

$$ adduser test
Adding user test...
Adding new group test (1006).
Adding new user test (1006) with group test.
Enter new UNIX password: qwertyuiop <-- this, for example, 10 letters
Retype new UNIX password: qwertyuiop
passwd: password updated successfully
Changing the user information for test
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/n] y

$$ su test
Password: qwertyui <--- only 8 letters (qwertyuivnksshfdd, for example,
would also be OK)
$$ whoami
test


I don't see anything about this in the BTS; I'm puzzled.





Re: extrange passwd behaviour

2003-12-04 Thread Kevin
> I've discovered that login, sudo and gdm only take the first 8
> characters of the password into account. The following characters don't count. See the
> following example (I created a new user just to make the test)

If you are not using md5, passwords will have a max length of 8
characters.  If you're using md5 your PAM config for passwd etc. should
look something like this:
password required pam_unix.so md5
And the passwords in the shadow file should start with $1$



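Kevin's two checks (the `md5` option on pam_unix and the `$1$` prefix in the shadow file) can be turned into a small audit. The block below is an added example written for this page, not code from the thread, from Debian or from PAM: it re-implements the `$1$` md5crypt scheme (the algorithm of FreeBSD's crypt-md5.c, which is what that prefix denotes) on top of hashlib so it runs offline, classifies shadow-style hash fields by scheme, and verifies a password against an md5 hash to show that, unlike DES crypt, characters past the eighth do matter. The three shadow lines are constructed for the example; the function names, user names and the salt are my own.

```python
# Added example: md5crypt ("$1$") re-implemented on hashlib, plus a small
# audit of shadow-style entries.  Not the pam_unix or libc code.
import hashlib
import hmac
import re

_ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_DES_HASH = re.compile(rb"^[./0-9A-Za-z]{13}$")   # shape of a traditional DES hash


def _to64(value: int, count: int) -> bytes:
    """crypt's little-endian base64 variant, `count` characters."""
    out = bytearray()
    for _ in range(count):
        out.append(_ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5crypt(password: bytes, salt: bytes) -> bytes:
    """Return the "$1$<salt>$<hash>" string for password (FreeBSD md5crypt).

    Every byte of the password enters the digest, so a 9th or 17th
    character changes the result; there is no 8-character cut-off.
    """
    if salt.startswith(b"$1$"):
        salt = salt[3:]
    salt = salt.split(b"$", 1)[0][:8]        # at most 8 salt characters

    ctx = hashlib.md5(password + b"$1$" + salt)
    alt = hashlib.md5(password + salt + password).digest()
    plen = len(password)
    while plen > 0:                          # as many bytes of alt as pw has
        ctx.update(alt[:min(16, plen)])
        plen -= 16
    i = len(password)
    while i:                                 # bit walk over len(password)
        ctx.update(b"\x00" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()

    for i in range(1000):                    # stretching loop
        c = hashlib.md5()
        c.update(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()

    out = b"".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
        for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    ) + _to64(final[11], 2)
    return b"$1$" + salt + b"$" + out


def verify_md5crypt(password: bytes, stored: bytes) -> bool:
    """Constant-time check of password against a "$1$" hash field."""
    if not stored.startswith(b"$1$"):
        return False
    salt = stored[3:].split(b"$", 1)[0]
    return hmac.compare_digest(md5crypt(password, salt), stored)


def hash_scheme(field: bytes) -> str:
    """Classify the second field of a shadow entry."""
    if field == b"" or field.startswith((b"*", b"!")):
        return "locked"
    if field.startswith(b"$1$"):
        return "md5crypt"
    if field.startswith(b"$"):
        return "other modular crypt"          # $2$, $5$, $6$ ... came later
    if _DES_HASH.match(field):
        return "des-crypt (8 char limit)"
    return "unknown"


def audit_shadow(lines):
    """Return a list of (user, scheme) for each shadow-style line."""
    return [(l.split(b":")[0].decode(), hash_scheme(l.split(b":")[1]))
            for l in lines if l.strip()]


# Constructed sample entries: the md5 one is generated here for the password
# from Ruben's test; the DES-shaped one is a made-up 13-character string.
SAMPLE_SHADOW = [
    b"test:" + md5crypt(b"qwertyuiop", b"saltsalt") + b":12390:0:99999:7:::",
    b"legacy:abXyZ1234567.:12390:0:99999:7:::",
    b"daemon:*:12390:0:99999:7:::",
]

if __name__ == "__main__":
    for user, scheme in audit_shadow(SAMPLE_SHADOW):
        print(f"{user:8} {scheme}")
    h = SAMPLE_SHADOW[0].split(b":")[1]
    for guess in (b"qwertyuiop", b"qwertyui", b"qwertyuivnksshfdd"):
        print(guess, verify_md5crypt(guess, h))
```

Run against a real shadow file (as root) the audit lists which accounts still carry 13-character DES hashes; those keep the 8-character limit until the user next changes the password under a PAM stack that has `md5` set, because pam_unix only re-hashes on a password change.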


Re: extrange passwd behaviour

2003-12-04 Thread Greg Folkert
On Thu, 2003-12-04 at 15:12, Ruben Porras wrote:
> I've discovered that login, sudo and gdm only take the first 8
> characters of the password into account. The following characters don't count. See the
> following example (I created a new user just to make the test)
>
> $$ adduser test
> Adding user test...
> Adding new group test (1006).
> Adding new user test (1006) with group test.
> Enter new UNIX password: qwertyuiop <-- this, for example, 10 letters
> Retype new UNIX password: qwertyuiop
> passwd: password updated successfully
> Changing the user information for test
> Enter the new value, or press ENTER for the default
> Full Name []:
> Room Number []:
> Work Phone []:
> Home Phone []:
> Other []:
> Is the information correct? [y/n] y
>
> $$ su test
> Password: qwertyui <--- only 8 letters (qwertyuivnksshfdd, for example,
> would also be OK)
> $$ whoami
> test
>
>
> I don't see anything about this in the BTS; I'm puzzled.

Why would it be in the BTS?

That is standard SOP. If you are root... no password needed on that
unless you have more than traditional *NIX security.

Remember root OWNS the system. root RULES the roost.

Now if you try it as an unprivileged user and it succeeds... then we
gots LOTSA problems to deal with.

-- 
[EMAIL PROTECTED]
REMEMBER ED CURRY! http://www.iwethey.org/ed_curry


signature.asc
Description: This is a digitally signed message part


Re: extrange passwd behaviour

2003-12-04 Thread Wade Richards
On Thu, Dec 04, 2003 at 09:12:22PM +0100, Ruben Porras wrote:
> I've discovered that login, sudo and gdm only take the first 8
> characters of the password into account. The following characters don't count. See the
> following example (I created a new user just to make the test)

This is how the standard Unix passwords work, and that is the default
on Debian (I don't quite know why, but it is).  It's not a bug, it's by
design.

Install libpam0g (if you don't already have it installed) and enable md5
passwords to get more secure passwords.

--- Wade

-- 
 /\  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
 \ /   ASCII Ribbon Campaign| Wade Richards --- [EMAIL PROTECTED] 
  X   - NO HTML/RTF in e-mail   | Fight SPAM!  Join CAUCE.
 / \  - NO Word docs in e-mail  | See http://www.cauce.org/ for details.





Re: extrange passwd behaviour

2003-12-04 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote:
> I've discovered that login, sudo and gdm only take the first 8
> characters of the password into account.

This is the default Unix behaviour. What settings do you have in PAM?
Especially, do you use md5 passwords?

Don't know why and for which Debian versions it is the default; I have some mixed ones.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/





Re: extrange passwd behaviour

2003-12-04 Thread Ruben Porras
On Thu, 04-12-2003 at 22:08, Greg Folkert wrote:
> On Thu, 2003-12-04 at 15:12, Ruben Porras wrote:
> > I've discovered that login, sudo and gdm only take the first 8
> > characters of the password into account. The following characters don't count. See the
> > following example (I created a new user just to make the test)
> >
> > $$ adduser test
> > Adding user test...
> > Adding new group test (1006).
> > Adding new user test (1006) with group test.
> > Enter new UNIX password: qwertyuiop <-- this, for example, 10 letters
> > Retype new UNIX password: qwertyuiop
> > passwd: password updated successfully
> > Changing the user information for test
> > Enter the new value, or press ENTER for the default
> > Full Name []:
> > Room Number []:
> > Work Phone []:
> > Home Phone []:
> > Other []:
> > Is the information correct? [y/n] y
> >
> > $$ su test
> > Password: qwertyui <--- only 8 letters (qwertyuivnksshfdd, for example,
> > would also be OK)
> > $$ whoami
> > test
> >
> >
> > I don't see anything about this in the BTS; I'm puzzled.
> Why would it be in the BTS?
>
> That is standard SOP. If you are root... no password needed on that
> unless you have more than traditional *NIX security.
>
> Remember root OWNS the system. root RULES the roost.

Sorry, I forgot to mention that the su command was not executed as root.
As other people say, it's a problem related to md5 passwords.

Thanks.





Re: extrange passwd behaviour

2003-12-04 Thread Ruben Porras
On Thu, 04-12-2003 at 22:05, Kevin wrote:
> > I've discovered that login, sudo and gdm only take the first 8
> > characters of the password into account. The following characters don't count. See the
> > following example (I created a new user just to make the test)
>
> If you are not using md5, passwords will have a max length of 8
> characters.  If you're using md5 your PAM config for passwd etc. should
> look something like this:
> password required pam_unix.so md5
> And the passwords in the shadow file should start with $1$

The problem was that I was not using md5 passwd. I don't know why
/etc/pam.d/passwd was set to allow fall-through to the 'other' service.

The debconf configuration of passwd says that md5 should be enabled.
I've tried to run dpkg-reconfigure passwd with no effect, but that is
another problem and off-topic here.

Putting the line by hand works perfectly.

Thanks.

