topic Re: Password length - again in Operating System - Linux

Password length - again

David Ledger at Bham — Thu, 24 Nov 2005 08:21:32 GMT

I _have_ read several previous threads on this.

We use sudo (from sudo-1.6.8p7-sd-11.11) on a HP-UX 11i trusted system. As is, this requires users to have a <= 8 char passwd. I either need to configure sudo to work with the 25char encrypted passords I get when a user uses >8 chars or force users to use <= 8 chars. Either would do.

I know that the max-length configured in SAM only controls the length of auto-generated passwords (not that this works).

There seems to be solutions for Linux (/etc/login.def).

/etc/default/security doesn't include a max length setting AFAICS.

Ideas please

David

Re: Password length - again

Bill Thorsteinson — Thu, 24 Nov 2005 13:03:18 GMT

Look at your pam configuration.
The password entry for pam_unix inclues a max
option
There are alternative password verifiers that
also work.
However, if they change the pasword as root,
the verifications are bypassed.

I am surprized that the HP-UX trusted system
would limit passwords to 8 characters.
Check the pam password settings on HP-UX.

Re: Password length - again

Steven E. Protter — Fri, 25 Nov 2005 06:14:14 GMT

Shalom David,

HP-UX can handle passwords of more than 8 characters. For that you need to go to a trusted system. Then it will be compatible with Linux on that level.

HP-UX still however ignores usernames more than 8 charactes under trusted mode and if that is an issue there is little you can do.

sudo is an open source product and there is source code on the website you got it from. You can probably change any routines that don't work with more than 8 characters and recompile.

SEP

Re: Password length - again

David Ledger at Bham — Mon, 28 Nov 2005 05:44:42 GMT

Thanks both.

The man pages for pam_unix don't offer a password length parameter to put into pam_conf. Only use_first_pass, try_first_pass and use_psd are documented.

I meant to post this into the HP-UX admin forum but I must have been in a searched anywhere/found Linux thread when I posted.

Re: Password length - again

Steven E. Protter — Mon, 28 Nov 2005 06:00:34 GMT

David,

Your best bet is to limit passwords to 8 charac ters across the board. You can require special characters and numbers and capitalization in /etc/defaults/security on HP-UX.

I believe /etc/default/security does allow you to set length requirements.

The problem with going beyond 8 characteres, is that in certain circumstances HP-UX ignores characters beyond the 8th.

Good Luck.

SEP

Re: Password length - again

Rick Garland — Mon, 28 Nov 2005 09:49:13 GMT

sudo is 1 utility that is limited to the 8 character passwd limit. There are others (e.g., NIS)

As previously stated, use 8 character passwds across the board.

Re: Password length - again

David Ledger at Bham — Fri, 02 Dec 2005 03:59:59 GMT

> Your best bet is to limit passwords to 8 characters across the board.

That is what I would like to do. Building a special sudo is not a good idea as I am a contractor and it would have to be checked by a permanent staff member. As I am here while they recruit one ...

The man page for /etc/defaults/security makes no mention of maxima for any password attribute.

Thanks for your efforts. I'll re-ask on HPADM. Failing that I'll put it into the correct forum here.

David

Re: Password length - again

David Ledger at Bham — Fri, 02 Dec 2005 04:03:31 GMT

Closing thread