> On 07/04/07, Jason King <[EMAIL PROTECTED]> wrote:
>> On 4/7/07, Shawn Walker <[EMAIL PROTECTED]> wrote:
>> >
>> > On 07/04/07, Andrew Pattison <[EMAIL PROTECTED]> wrote:
>> > > Passwords on Solaris are not limited to 8 characters, but the default
>> > > password hashing algorithm only looks at the first 8 characters, with the
>> > > result that passwords which have the same first 8 characters are treated as
>> > > being identical.
>> > >
>> >
>> > That's slightly disturbing, though not terribly surprising.
>> >
>> > --
>> > "Less is only more where more is no good." --Frank Lloyd Wright
>> >
>> > Shawn Walker, Software and Systems Analyst
>> > [EMAIL PROTECTED] - http://binarycrusader.blogspot.com/
>> > _______________________________________________
>> > opensolaris-discuss mailing list
>> > [email protected]
>> >
>>
>> That is the traditional behavior on most UNIX platforms, so it's nothing
>> new.
>>
>> If you want to enable passwords that can have more than 8 significant
>> characters, just update /etc/security/policy.conf and change the default
>> crypt algorithm to something other than the traditional UNIX crypt (i.e.
>> md5 or blowfish). I believe both of those allow for up to 256 (or 255
>> somewhere around that) character passwords. Also, if you would prefer
>> something other than md5 or blowfish, it appears the implementation is
>> modular (though I do not know if it is a public interface or not).
>>
>> Perhaps it might be worthwhile to add the ability to specify the default
>> encryption algorithm or encryption policy as part of the install or
>> sysidcfg?
>>
>
> Most GNU/Linux distribution installers *used* to ask if you want to
> use a "more secure" method of password encryption. I believe Slackware
> used to ask if you wanted to use the default, or md5/blowfish. Most of
> the ones I've seen these days default to md5.
>
> Is there any reason why it is bad to default to md5? I assume it
> causes system upgrade / migration issues...
Something I have been doing for years now, setting TCP_STRONG_ISS=2 and CRYPT_DEFAULT=1 along with using xyzzy as a magic word. Two of those work well and the last gets you stuck looking at some stupid building with a stream nearby.

Dennis
_______________________________________________
opensolaris-discuss mailing list
[email protected]
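Added example, not part of the thread and not Solaris code: changing CRYPT_DEFAULT in /etc/security/policy.conf only affects passwords set afterwards, so this sketch reads the policy value and lists accounts whose stored hash is still traditional crypt (8 significant characters). The file contents, account names and hash fields are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of /etc/security/policy.conf (not taken from the thread).
POLICY_CONF = """\
CRYPT_ALGORITHMS_ALLOW=1,2a,md5
#CRYPT_DEFAULT=__unix__
CRYPT_DEFAULT=1
"""

# Constructed /etc/shadow entries; every hash field is a made-up placeholder.
SHADOW = """\
root:$1$Qx9uT3aB$7kZpW1mE4hYcR8sVd0LfN/:13610::::::
oracle:aB3dE5gH7jK9m:13244::::::
backup:Zz1yX2wV3uT4s:12999::::::
webadm:$2a$04$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234:13611::::::
daemon:NP:6445::::::
"""

def crypt_default(policy_text):
    """Return the last uncommented CRYPT_DEFAULT value, or None if absent."""
    value = None
    for line in policy_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("CRYPT_DEFAULT="):
            value = line.split("=", 1)[1].strip()
    return value

def scheme(hash_field):
    """Classify a shadow hash field by its crypt prefix."""
    m = re.match(r"\$([^$,]+)[$,]", hash_field)
    if m:
        return m.group(1)              # '1', '2a', 'md5', ...
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "__unix__"              # traditional crypt: 2-char salt + 11-char hash
    return None                        # NP, *LK*, empty: no password hash

def legacy_accounts(shadow_text):
    """Users whose stored hash is still traditional crypt (8 significant characters)."""
    users = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1 and scheme(fields[1]) == "__unix__":
            users.append(fields[0])
    return users

if __name__ == "__main__":
    print("CRYPT_DEFAULT =", crypt_default(POLICY_CONF))
    print("still on traditional crypt:", legacy_accounts(SHADOW))
```

Accounts it reports keep the 8-character behaviour until their password is changed under the new default.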
