Results 1 to 4 of 4

Thread: SUSE 11 does not require entire password to access

  1. #1

    SUSE 11 does not require entire password to access

    I have a SUSE 11 box hardened to meet govt requirements. Minimum length password (14) is defined in /etc/pam.d/common_password as "minlen = 14" and /etc/login.defs with "PASS_MIN_LEN" as 14. I only have to enter the first 8 characters of my password to gain access. Please help.

  2. #2

    Re: SUSE 11 does not require entire password to access

    Are you using something really old like 'crypt' for your password
    algorithm? It limits passwords to eight characters, and anything else is
    ignored.

    SLE 11 defaults to NOT-crypt (blowfish or something I think) so unless you
    changed this you should not be using crypt. Easy way to test is to first
    change your password to something stupid and then, replacing USERNAME with
    your own username, run the following command and post the output:

    Code:
    --------------------
    sudo grep USERNAME /etc/shadow
    --------------------

    This will post your password hash so we can tell you what kind it is. You
    can look this up yourself too if you Google a bit. Normally you should
    never post this stuff, which is why I said to first change your password
    to something you do not care about.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  3. #3

    Re: SUSE 11 does not require entire password to access

    I'm not using crypt. Yast has blowfish for encryption. Not sure what config files would set the encryption. I changed it to sha512. Yast also shows the minlen as 5. Every time I reset it to 14 n yast, any changes I made to the common-password file reverts it back. Yast also keeps minlen at 5. I tried to make the individual common-* files similar to RHEL5/6 configurations. Nothing seems to work. Any other ideas?

    BTW, after entering the first 8 chars, you can enter nothing or anything, despite what your real password is and it will still allow access.

  4. #4

    Re: SUSE 11 does not require entire password to access

    You didn't post the output from that command. It could help.

    How, exactly, was the "hardening" done? If we can reproduce it perhaps we
    can tell you more.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •