Matt Keating wrote, On 08/11/2010 12:17 PM:
On Wed, Aug 11, 2010 at 4:57 PM, Matt Keating keatster@gmail.com wrote:
On Wed, Aug 11, 2010 at 4:45 PM, Ray Van Dolson rayvd@bludgeon.org wrote:
On Wed, Aug 11, 2010 at 04:38:22PM +0100, Matt Keating wrote:
Hi,
<SNIP>
The 'passwd' command only recognises the first 9 characters too...
Has anyone seen this before, or know how to fix it? I feel its a major security risk and would like it fixed ASAP.
Sounds like you're using DES password hashes instead of the newer MD5 style.
If you take a peek at some of the password entries in your /etc/shadow do they have a $1$ at the beginning? If not, you're probably using DES which is limited to 8 characters.
Sounds like you're on the money. I didn't install this server, so I didn't choose the security stuff. Passwords don't start with $....
<SNIP>
$ sudo authconfig --usemd5 --updateall
Done!
Thanks Ray!
One subject for concern (even if it is too late, for you now), is if that box is serving NIS/LDAP to an older sunos/solaris/[other old Unix] system (how IT would be up to to date security wise is another question), then you may have a problem if the sun has not been updated to handle MD5 pass-phrase hashes.
Now you know why the old sun guy in the corner is confused about why he can't login. :)