On 07/04/07, Jason King <[EMAIL PROTECTED]> wrote:
On 4/7/07, Shawn Walker <[EMAIL PROTECTED]> wrote:
>
> On 07/04/07, Andrew Pattison <[EMAIL PROTECTED]> wrote:
> > Passwords on Solaris are not limited to 8 characters, but the default
> > password hashing algorithm only looks at the first 8 characters, with the
> > result that passwords which have the same first 8 characters are treated as
> > being identical.
> >
>
> That's slightly disturbing, though not terribly surprising.
>
> --
> "Less is only more where more is no good." --Frank Lloyd Wright
>
> Shawn Walker, Software and Systems Analyst
> [EMAIL PROTECTED] - http://binarycrusader.blogspot.com/
> _______________________________________________
> opensolaris-discuss mailing list
> [email protected]
>

That is the traditional behavior on most UNIX platforms, so it's nothing
new.

If you want to enable passwords that can have more than 8 significant
characters, just update /etc/security/policy.conf and change the default
crypt algorithm to something other than the traditional UNIX crypt (i.e. md5
or blowfish).  I believe both of those allow for up to 256 (or 255 somewhere
around that) character passwords.  Also, if you would prefer something other
than md5 or blowfish, it appears the implementation is modular (though I do
not know if it is a public interface or not).

Perhaps it might be worthwhile to add the ability to specify the default
encryption algorithm or encryption policy as part of the install or
sysidcfg?


Most GNU/Linux distribution installers *used* to ask if you want to
use a "more secure" method of password encryption. I believe slackware
used to ask if you wanted to use the default, or md5/blowfish. Most of
the ones I've seen these days default to md5.

Is there any reason why it is bad to default to md5? I assume it
causes system upgrade / migration issues...

--
"Less is only more where more is no good." --Frank Lloyd Wright

Shawn Walker, Software and Systems Analyst
[EMAIL PROTECTED] - http://binarycrusader.blogspot.com/
_______________________________________________
opensolaris-discuss mailing list
[email protected]
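
Added example, not part of the original thread: changing the default algorithm in /etc/security/policy.conf only affects passwords set afterwards, so accounts keep their 8-character-significant hash until the password is next changed. The Python sketch below reads the configured default and lists accounts still stored with traditional crypt. The `CRYPT_DEFAULT` key and the identifiers `__unix__`, `1`, `2a` and `md5` are taken from Solaris's policy.conf/crypt.conf rather than from the thread, and all sample data is constructed.

```python
import re

# Traditional UNIX crypt output: 2 salt characters + 11 hash characters.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular hashes start "$<id>$" or "$<id>,<params>$", e.g. $1$, $2a$, $md5$.
MODULAR = re.compile(r"^\$([^$,]+)[$,]")

def crypt_default(policy_text):
    """Return CRYPT_DEFAULT from policy.conf text; '__unix__' if unset."""
    for line in policy_text.splitlines():
        line = line.strip()
        if line.startswith("CRYPT_DEFAULT="):  # commented-out lines do not match
            return line.split("=", 1)[1].strip()
    return "__unix__"

def scheme_of(hash_field):
    """Classify a shadow password field; None means no usable hash (NP, *LK*, empty)."""
    m = MODULAR.match(hash_field)
    if m:
        return m.group(1)
    if DES_HASH.match(hash_field):
        return "__unix__"
    return None

def legacy_accounts(shadow_text):
    """Names of accounts whose stored hash is still traditional crypt."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and scheme_of(fields[1]) == "__unix__":
            names.append(fields[0])
    return names

# Constructed sample input; the hash strings are placeholders, not real hashes.
POLICY = "CRYPT_ALGORITHMS_ALLOW=1,2a,md5\n#CRYPT_DEFAULT=__unix__\nCRYPT_DEFAULT=md5\n"
SHADOW = """root:$md5$CONSTRUCTED$$PLACEHOLDERplaceholder00:13600::::::
alice:abCONSTRUCTED:13500::::::
bob:$1$CONSTRUC$PLACEHOLDERplaceholder:13610::::::
daemon:NP:6445::::::
carol:*LK*:::::::
"""

if __name__ == "__main__":
    print("CRYPT_DEFAULT:", crypt_default(POLICY))
    print("still on traditional crypt:", legacy_accounts(SHADOW))
```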
