[CentOS] sshd bug?

Wed Aug 11 16:48:18 UTC 2010
Todd Denniston <Todd.Denniston at tsb.cranrdte.navy.mil>

Matt Keating wrote, On 08/11/2010 12:17 PM:
> On Wed, Aug 11, 2010 at 4:57 PM, Matt Keating <keatster at gmail.com> wrote:
>> On Wed, Aug 11, 2010 at 4:45 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
>>> On Wed, Aug 11, 2010 at 04:38:22PM +0100, Matt Keating wrote:
>>>> Hi,
>>>>
<SNIP>
>>>>
>>>> The 'passwd' command only recognises the first 9 characters too...
>>>>
>>>> Has anyone seen this before, or know how to fix it? I feel it's a major
>>>> security risk and would like it fixed ASAP.
>>> Sounds like you're using DES password hashes instead of the newer MD5
>>> style.
>>>
>>> If you take a peek at some of the password entries in your /etc/shadow
>>> do they have a $1$ at the beginning?  If not, you're probably using DES
>>> which is limited to 8 characters.
>> Sounds like you're on the money. I didn't install this server, so I
>> didn't choose the security stuff.
>> Passwords don't start with $....
>>
<SNIP>
> 
> $ sudo authconfig --usemd5 --updateall
> 
> Done!
> 
> Thanks Ray!

One subject for concern (even if it is too late, for you now), is if that box is serving NIS/LDAP to
an older sunos/solaris/[other old Unix] system (how IT would be up to date security-wise is
another question), then you may have a problem if the sun has not been updated to handle MD5
pass-phrase hashes.

Now you know why the old sun guy in the corner is confused about why he can't log in. :)
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
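
Added example, not part of the original thread: a shell check along the lines of Ray's /etc/shadow tip that classifies each entry by its hash prefix, so accounts still holding a DES hash can be found after the authconfig change (an existing hash is only replaced when that password is next set). The sample entries and the function names are constructed for illustration, and recognising `$5$`/`$6$` goes beyond the `$1$` case mentioned in the thread.

```shell
#!/bin/sh
# classify_shadow: read shadow(5)-format lines on stdin, print "user scheme".
classify_shadow() {
    awk -F: '
    {
        hash = $2
        # Leading "!" marks a locked password; classify the hash behind it,
        # because it becomes usable again as soon as the account is unlocked.
        sub(/^!+/, "", hash)
        prefix = substr(hash, 1, 3)
        if (hash == "" || hash == "*")  scheme = "none-or-locked"
        else if (prefix == "$1$")       scheme = "md5"
        else if (prefix == "$5$")       scheme = "sha256"
        else if (prefix == "$6$")       scheme = "sha512"
        else if (substr(hash, 1, 1) == "$") scheme = "other-modular"
        # Traditional DES crypt: exactly 13 characters from [./0-9A-Za-z],
        # no "$" prefix, and only the first 8 password characters count.
        else if (length(hash) == 13 && hash ~ "^[./0-9A-Za-z]+$") scheme = "des"
        else                            scheme = "unknown"
        print $1, scheme
    }'
}

# des_users: list only the accounts whose stored hash is still DES.
des_users() {
    classify_shadow | awk '$2 == "des" { print $1 }'
}

# Constructed sample entries (placeholder strings, not real hashes).
sample_shadow() {
    cat <<'EOF'
alice:ab0123456789A:14832:0:99999:7:::
bob:$1$CONSTRUC$0123456789abcdefghijkl:14832:0:99999:7:::
carol:!!:14832:0:99999:7:::
dave:!ab0123456789A:14832:0:99999:7:::
erin:$6$CONSTRUCTED$placeholder:14832:0:99999:7:::
daemon:*:14832:0:99999:7:::
EOF
}

# Demo on the constructed data; on a real host, run as root:
#   des_users < /etc/shadow
sample_shadow | classify_shadow
```

Accounts reported by `des_users` need a password change before their stored hash stops being DES.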