The passwords migrated from the other server are likely stored using the
{crypt} hash, which only looks at the first eight characters.
Eric Torgersen
Senior Systems Analyst
ITS Systems Management & Operations
On Thu, 11 Jul 2013, Elizabeth Jones wrote:
> We recently discovered that some of our users can pad their login
passwords with additional characters and still get authenticated by our
389DS. Our server was migrated from another server and we didn't set
anything as far as password requirements in the 389DS because we didn't
want to end up locking any migrated users out. Would the default settings
for 389DS have a max number of characters that it looks at/returns, so
that when these users are logging in and padding their passwords, it
doesn't matter because it is only using the first 8 characters or
something?
We also found that after a user has changed their password using our
password change program, which does enforce password rules, they are no
longer able to pad their passwords.
thanks for any insight -
EJ
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
