HPE Community
Operating System - Linux
1830234 Members
2564 Online
109999 Solutions
New Discussion

Re: Password length - again

 
SOLVED
Go to solution
David Ledger at Bham
Occasional Advisor

‎11-24-2005 12:21 AM

‎11-24-2005 12:21 AM

Password length - again

I _have_ read several previous threads on this.

We use sudo (from sudo-1.6.8p7-sd-11.11) on a HP-UX 11i trusted system. As is, this requires users to have a <= 8 char passwd. I either need to configure sudo to work with the 25char encrypted passords I get when a user uses >8 chars or force users to use <= 8 chars. Either would do.

I know that the max-length configured in SAM only controls the length of auto-generated passwords (not that this works).

There seems to be solutions for Linux (/etc/login.def).

/etc/default/security doesn't include a max length setting AFAICS.

Ideas please

David
0 Kudos
7 REPLIES 7
Bill Thorsteinson
Honored Contributor

‎11-24-2005 05:03 AM

‎11-24-2005 05:03 AM

Re: Password length - again

Look at your pam configuration.
The password entry for pam_unix inclues a max
option
There are alternative password verifiers that
also work.
However, if they change the pasword as root,
the verifications are bypassed.

I am surprized that the HP-UX trusted system
would limit passwords to 8 characters.
Check the pam password settings on HP-UX.
0 Kudos
Steven E. Protter
Exalted Contributor

‎11-24-2005 10:14 PM

‎11-24-2005 10:14 PM

Re: Password length - again

Shalom David,

HP-UX can handle passwords of more than 8 characters. For that you need to go to a trusted system. Then it will be compatible with Linux on that level.

HP-UX still however ignores usernames more than 8 charactes under trusted mode and if that is an issue there is little you can do.

sudo is an open source product and there is source code on the website you got it from. You can probably change any routines that don't work with more than 8 characters and recompile.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
David Ledger at Bham
Occasional Advisor

‎11-27-2005 09:44 PM

‎11-27-2005 09:44 PM

Re: Password length - again

Thanks both.

The man pages for pam_unix don't offer a password length parameter to put into pam_conf. Only use_first_pass, try_first_pass and use_psd are documented.

I meant to post this into the HP-UX admin forum but I must have been in a searched anywhere/found Linux thread when I posted.
0 Kudos
Steven E. Protter
Exalted Contributor

‎11-27-2005 10:00 PM

‎11-27-2005 10:00 PM

Re: Password length - again

David,

Your best bet is to limit passwords to 8 charac ters across the board. You can require special characters and numbers and capitalization in /etc/defaults/security on HP-UX.

I believe /etc/default/security does allow you to set length requirements.

The problem with going beyond 8 characteres, is that in certain circumstances HP-UX ignores characters beyond the 8th.

Good Luck.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Rick Garland
Honored Contributor

‎11-28-2005 01:49 AM

‎11-28-2005 01:49 AM

Solution

Re: Password length - again

sudo is 1 utility that is limited to the 8 character passwd limit. There are others (e.g., NIS)

As previously stated, use 8 character passwds across the board.
0 Kudos
David Ledger at Bham
Occasional Advisor

‎12-01-2005 07:59 PM

‎12-01-2005 07:59 PM

Re: Password length - again

> Your best bet is to limit passwords to 8 characters across the board.

That is what I would like to do. Building a special sudo is not a good idea as I am a contractor and it would have to be checked by a permanent staff member. As I am here while they recruit one ...

The man page for /etc/defaults/security makes no mention of maxima for any password attribute.

Thanks for your efforts. I'll re-ask on HPADM. Failing that I'll put it into the correct forum here.

David
0 Kudos
David Ledger at Bham
Occasional Advisor

‎12-01-2005 08:03 PM

‎12-01-2005 08:03 PM

Re: Password length - again

Closing thread
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.