topic Re: maximum password length ? in Operating System - HP-UX

maximum password length ?

Kathryn Lybarger — Mon, 23 Jul 2001 17:02:32 GMT

I have an HP-UX 11.00 workstation which is a trusted system, and I have set maximum password length to be 8. It does not appear that this is enforced, however. The program (/usr/bin/passwd) will accept passwords that are longer than 8 characters, and does not ignore characters after the 8th one like I would expect. (That is, if I make a 10 character password, all 10 characters are required for authorization). Is 8 too short of a length to be enforced? How does this work?

Kathryn

Re: maximum password length ?

Victor_5 — Mon, 23 Jul 2001 17:29:21 GMT

By default, an HP-UX non-trusted system will only read the first 8 characters of a password. When a password is set more characters can be entered, but when logging in only the first 8 are read. On a HP-UX trusted
system the password can be longer, but if converting from a non-trusted system to a trusted system then the passwords are 8 characters until changed.

Re: maximum password length ?

Shahul — Tue, 24 Jul 2001 04:36:52 GMT

Hi

Once U covert the system as trusted system, Then it will take the passwd length as what U typed regardless of maximum length specified. But before converting to trusted, Suppose ur passwd length was 10, after converting it will take only first 8 charecters.

Shahul

Re: maximum password length ?

eran maor — Tue, 24 Jul 2001 06:03:00 GMT

Hi
A password must have at least six characters and can have up to 80.
Special characters can include control characters and symbols such as
asterisks and slashes. In standard mode, only the first eight
characters are used. In trusted mode, all 80 are significant.

After a conversion to a Trusted System, only the first eight characters
of a converted password will be acceptable. Users who had a longer
password on the standard system must log in for the first time on the
Trusted System with only the first eight characters. Then they may
choose a longer password, if they desire. If a system is converted back
to standard mode, the passwords are truncated to the first eight
characters."

If a tsconvert is performed with the default password expiry then the
following behaviour is observed:

o user enters loginname at login prompt
o user enters their pre-trusted long password
o system accepts password which then prompts the user to change
their password due to expiry

o "Old password" prompt displayed, long password entered, "Sorry"
message is displayed because the password is not accepted this time.

If the test is repeated and only the first 8 chars of the password is
entered at the "Old password" prompt then the user can continue and the
password can be changed. So it seems that at the first prompt the
system will accept 8 or more characters of the password whilst the "Old
password" prompt will ONLY accept the first 8!

from my exper. with trusted system your case is a bit strange , i will check all the patches for trusted system but i have a trusted system in our site and i tried to define pass more then 8 char but the auth. of the user needed only 8 char .

Re: maximum password length ?

Kathryn Lybarger — Tue, 24 Jul 2001 16:47:46 GMT

So is the "maximum password length" field
ignored? If not, does it just not work the
way I think it does? I would like for my
trusted system to treat passwords the way the
non-trusted system treated them; that is, no
matter how long of a password is given, only
the first 8 are necessary, and if more than
the original 8 are given, you will still be
authorized. Is this possible?