topic Re: password in Operating System - Linux

password

Son dam bi — Tue, 17 Nov 2009 04:13:09 GMT

In the redhat system , the current password policy is case senitive , can advise how to cancel it ?

for example : if the password is ABC456 , the user can still login the system with abc456 , what can i do ?

please ignore the security issure .

Thx in advance.

Re: password

Rob Leadbeater — Tue, 17 Nov 2009 09:41:05 GMT

Hi,

You question doesn't really make sense.

Do you want to make the password case INsensitive, so that they can log on with either upper or lower case ?

I'm not sure that it's possible, although you've given us no information on which "redhat" system you're talking about...

Cheers,

Rob

Re: password

Ivan Ferreira — Tue, 17 Nov 2009 13:08:07 GMT

Even windows password is case sensitive, can you explain if you have a specific problem or requirement that could be solved without reinventing the wheel.

Re: password

Matti_Kurkela — Tue, 17 Nov 2009 13:32:12 GMT

The case sensitivity is hard-coded into the password hashing algorithm. To make it case-insensitive, you would have to download the source code of the pam_unix.so PAM module and modify it to be always set the password to either all lower or all upper case before hashing.

(The unix-style password hashing cannot be reversed: a password is checked by hashing the password that user entered, and comparing the result to the stored password hash. If they match, the password was correct.)

But this is just a Wrong Thing to do: in Unix/Linux systems, *all command and file names* are case sensitive by default, and this cannot be changed. The users *must* learn to live with it.

MK

Re: password

Steven Schweda — Tue, 17 Nov 2009 14:28:49 GMT

> But this is just a Wrong Thing to do: [...]

But a password is not a command or file name;
it's a password.

> [...] pam_unix.so [...]

If no one else has done it already.

> The users *must* learn to live with it.

Not if you change it. VMS, by the way, has
(by default) case-insensitive passwords.
(It's been "Wrong" for over thirty years,
with few complaints. And no complaints at
all about a "Caps Lock" key in the wrong
state. Many would not call this "Wrong".)

Re: password

Randy Jones_3 — Wed, 18 Nov 2009 03:01:18 GMT

> If no one else has done it already.

It did not take me five minutes to find
http://linux.derkeiler.com/Newsgroups/comp.os.linux.misc/2009-10/msg00125.html

Re: password

dirk dierickx — Thu, 19 Nov 2009 08:43:47 GMT

passwords, pfhu! what is it good for? hey, here is an idea, we'll disable passwords all together. pure brilliance.