On Fri, Sep 21, 2001 at 01:11:08PM +0000, Miquel van Smoorenburg wrote: > In article <[EMAIL PROTECTED]>, > Eric Boo <[EMAIL PROTECTED]> wrote: > >I'm using sid's nis package. I noticed that when changing a password > >using yppasswd, it seems to truncate the password, even if one keys in a > >password that consists of say 12 characters. > >So after the password is changed (password = 1234567890ab), i can log > >in using 1234567890cd or so. > > Welcome to Unix.
Welcome to the legacy of (old-style) crypt()-hashed passwords. Debian boxes are able to use MD5 password hashes instead, which removes the 8-character limit on password length. NIS is capable of working with MD5 passwords if both client and server support them. You _should_, therefore, be able to get past the length limitation by setting up all machines to use MD5. Unfortunately, yppasswd assumes that you're using crypt() and truncates the entered password at 8 characters rather than allowing the underlying system to handle the password to the best of its ability. IMO, this assumption is a bug in the design of NIS. Does anyone know of a good reason for preserving this assumption in the age of MD5? -- When we reduce our own liberties to stop terrorism, the terrorists have already won. - reverius
