HPE Community
Operating System - Linux
1751858 Members
6106 Online
108782 Solutions
New Discussion юеВ

Re: password

 
Son dam bi
Advisor

тАО11-16-2009 08:13 PM

тАО11-16-2009 08:13 PM

password

In the redhat system , the current password policy is case senitive , can advise how to cancel it ?

for example : if the password is ABC456 , the user can still login the system with abc456 , what can i do ?


please ignore the security issure .

Thx in advance.
0 Kudos
Reply
6 REPLIES 6
Rob Leadbeater
Honored Contributor

тАО11-17-2009 01:41 AM

тАО11-17-2009 01:41 AM

Re: password

Hi,

You question doesn't really make sense.

Do you want to make the password case INsensitive, so that they can log on with either upper or lower case ?

I'm not sure that it's possible, although you've given us no information on which "redhat" system you're talking about...

Cheers,

Rob
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО11-17-2009 05:08 AM

тАО11-17-2009 05:08 AM

Re: password

Even windows password is case sensitive, can you explain if you have a specific problem or requirement that could be solved without reinventing the wheel.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО11-17-2009 05:32 AM

тАО11-17-2009 05:32 AM

Re: password

The case sensitivity is hard-coded into the password hashing algorithm. To make it case-insensitive, you would have to download the source code of the pam_unix.so PAM module and modify it to be always set the password to either all lower or all upper case before hashing.

(The unix-style password hashing cannot be reversed: a password is checked by hashing the password that user entered, and comparing the result to the stored password hash. If they match, the password was correct.)

But this is just a Wrong Thing to do: in Unix/Linux systems, *all command and file names* are case sensitive by default, and this cannot be changed. The users *must* learn to live with it.

MK
MK
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО11-17-2009 06:28 AM

тАО11-17-2009 06:28 AM

Re: password

> But this is just a Wrong Thing to do: [...]

But a password is not a command or file name;
it's a password.

> [...] pam_unix.so [...]

If no one else has done it already.

> The users *must* learn to live with it.

Not if you change it. VMS, by the way, has
(by default) case-insensitive passwords.
(It's been "Wrong" for over thirty years,
with few complaints. And no complaints at
all about a "Caps Lock" key in the wrong
state. Many would not call this "Wrong".)
0 Kudos
Reply
Randy Jones_3
Trusted Contributor

тАО11-17-2009 07:01 PM

тАО11-17-2009 07:01 PM

Re: password

> If no one else has done it already.

It did not take me five minutes to find
http://linux.derkeiler.com/Newsgroups/comp.os.linux.misc/2009-10/msg00125.html
0 Kudos
Reply
dirk dierickx
Honored Contributor

тАО11-19-2009 12:43 AM

тАО11-19-2009 12:43 AM

Re: password

passwords, pfhu! what is it good for? hey, here is an idea, we'll disable passwords all together. pure brilliance.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.