[7852] in bugtraq
Re: Bug in login
daemon@ATHENA.MIT.EDU (System Grunt)
Tue Sep 1 18:56:17 1998
Date: Tue, 1 Sep 1998 12:28:47 -1000
Reply-To: System Grunt <poidog@IAV.COM>
From: System Grunt <poidog@IAV.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.3.95.980901121758.865A-100000@llama.ackley.net>
On Tue, 1 Sep 1998, Jason Ackley wrote:
> On Tue, 1 Sep 1998, Justin Priestley wrote:
>
> > Not sure if this is known yet.
> >
> >
> > I use FreeBSD and also work on BSDI. If a user has numbers on the end
> > of their passwd, this is not recognised. Add a user and telnet to your
> > machine. Make sure the passwd has numbers on the end.
>
> Unable to replicate on BSDI 3.1, how long was the password before the
> numbers started? What is the password length setting in /etc/login.conf?
On BSDi 2.1 also doesn't matter, password limits of 8 or 128, tested on
both. Jason, is probably right that you used a password exceeding 8
characters in length. Meaning asdfasdf is the same as asdfasdf1 or
asdfasdfx or asdfasdfbuggaboo. It just truncates it after the first 8
characters... guess that's why it's 8 significant characters. ;)
Now a real fun one is using a username of ONLY numerics. Try adding a
user '1234' then see how that affects quotas on that user...
> After the default setting of 8 chars, nothing matters, BSDI does support
> 'widepasswords' of 128 chars though that you must enable in
> /etc/login.conf. See login.conf(5)
--
Aloha from Paradise,
Sherwood
System Grunt
