Helo ,
I m using linux pam library for user and its password authentication.
I m creating new user and giving its password.I m giving password of 10 characters.now when I login in as that newly created user its ask me
$ su - ram
Password:
You are required to change your password immediately (root enforced)
Changing password for ram
(current) UNIX password:
I m giving my current passwd
(new) Password :
I m giving my new passwd of 10 characters.
Now i m log off and again login as that user
Now when I give my password more only first 8 characters then also It allows me to login
how come this happen?
I also observed that it verify the password for first 8 characters.
also see my /etc/pam.d/system-auth entry are given bewlo
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
Sorry buddy for the delayed response. Can you do an ls -l on this dir:
/etc/pam.d
I'm looking for /etc/pam.d/common-password file. Anyhow, I'm guessing that this line in /etc/pam.d/system-auth may be the key:
You can change max value to whatever you want. Going through man pages, max is not documented, but the functionality is there. Also, before any changes make sure you backup your files.
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
My problem is that suppose create a user and give a 12 character password . It will accept this password.
But when I logg off and again login and now I give first 8 character then only It will accept password. So it menas it validates only first 8 character.
yr help will be highly appreciated.
Regards,
Amit
A
more -ever It accept more than 12 character password but when it validates only first 8 character password. I mean suppose I give new password more than 12 character and log off . when I login again and give only first 8 character then also it accept. it means it verify only first 8 character.
so workaround near validation .
Amit,
Can you check to make sure you are using MD5? You can find out if you are using MD5 cipher by looking at the encoded password string in your /etc/shadow file. If it starts with $1$ and is 34 characters long, then it is an MD5-based format. DES format is shorter, it is only 13 characters long. MD5 is default, but may have been changed during install etc.
Also, are these users being authenticated locally or by LDAP? If it's LDAP, then you will have to talk to your LDAP admin.