Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 690 - Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Summary: Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 5.2
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-01-05 10:48 UTC by crimsun
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-01-05 22:22:38 UTC


Attachments (Terms of Use)

Description crimsun 1999-01-05 10:48:21 UTC
I'm new at this, so I don't know if this is my fault or not,
but my impression is that a root password should not allow
one to login as root without the *exact* root password,
where exact means specifically the *exact* combination of
upper/lowercase characters/numbers chosen.  I have patched
RH 5.2 to all the latest RPMS (including the ones released 3
Jan '99, kernel-2.0.36-3, pam-0.64-4, etc.), but I have
found that to login as root on my PC, I need only type in
the first eight of the sixteen alpha characters I manually
assigned to the root password.  Again, I don't believe this
falls directly under a problem of the 2.0.36-3 kernel, but
I'm new to this and don't know exactly which part of the
linux modules this falls under.  Thanks very much!

Comment 1 pablo 1999-01-05 15:12:59 UTC
AFAIK it's not a bug but a feature: traditional UNIX
des/crypt password authentication limits passwords to eight
characters.
I believe you can use longer passwords with the PAM md5 module.

Comment 2 seva 1999-01-05 18:14:59 UTC
Not a bug... rtfm.

Comment 3 David Lawrence 1999-01-05 22:22:59 UTC
Passwords by default as shipped with 5.2 are limited to 8 characters.


Note You need to log in before you can comment on or make changes to this bug.