In <[EMAIL PROTECTED]>, on 04/01/03 at 09:37 PM, Sam Varshavchik <[EMAIL PROTECTED]> said:
>Jacob S. Barrett writes: >> I have noticed that when logging into Courier IMAP that it ignores >> password characters past 8. For example, if my password was "123456789" >> I could login with "1234567890". Also, if my password was "1234567890" >> I could login with "123456789" or "123456789X". Is this normal >> behavior? I searched around on Google and found nothing in previous >> posts that suggest this is normal, but maybe I missed something. >Traditional UNIX system passwords are eight characters, or less. Excess >characters are ignored. If, as some do, one is using the domain names as UID's in a virtual hosting environment, and/or wants passphrase (longer strings) capability, you can use a patch to bump both UID's and passwords to, for example, ca 63-64 characters. *IF* users adhere to longer than standard UID's and passwords, this can have the side effect of complicating a brute-force dictionary attack by several orders of binary magnitude... But it requires a system recompile, and *IS* no longer UNIX legacy standard, so needs doing at each system upgrade...... YMMV. Bill Hacker ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
