> Hey, I noticed something unusual when su'ing to root. I'm
> pretty sure this isn't normal because login doesn't have the
> same behavior when comparing passwords. But enough with that -
> Demonstration:
>
> - login as normal user
> - su to root (or any other use)
> - type in your password when prompted.
>
> So far, so good. Now, CTRL-D or otherwise logout.
>
> - su in again.
> - enter your password, followed by any number of extra
> characters (I used !!!!!), hit enter.
>
> Viola, there's your new shell. Somebody please tell
> me this isn't a big deal and that it will be fixed soon. :)
Exactly how many characters is your root password? Exactly how many
characters is your normal password?
The traditional UNIX password only compares the first eight characters
of the password. Any characters beyond eight are ignored. I am
guessing that your root password is already eight or more characters
and therefore you can type anything you want after that and it will be
ingored. Meanwhile, your normal password is less than eight and
therefore the extra characters are used, up to eight, and this is
really the difference you are seeing. This has been the traditional
UNIX behavior for 25 years. Some systems are now converting over to
using more characters as being significant and doing other security
enhancements.
Bob Proulx
