On Mon, 14 Jul 2003, Rick wrote: > Hi, > I have a Raq2. When i mistyped and only typed the first 8 chars of my > root password, it entered into su - mode. Kindly Advise. A common older UNIX (and some other OSes) failing where the first 8 characters are the only things significant in authenticating a user.
I believe (although can no longer test) that the Tru64 UNIX in a C2 config has supported longer passwords (since 1997??), or by using MD5 (or other hashing functions) in newer OpenSource OSes instead of the old DES salted passwords fixes this. Also using an external authentication system i.e. LDAP, RADIUS, TACACS+, SecurID would also get round this particular limitation. Really you need to upgrade your RaQs OS to something a bit newer (if this is possible) that supports MD5/SHA/... instead of teh legacy UNIX password salting. Hope this helps Gareth _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
