Matt Keating wrote, On 08/11/2010 12:17 PM:
> On Wed, Aug 11, 2010 at 4:57 PM, Matt Keating <keatster@xxxxxxxxx> wrote:
>> On Wed, Aug 11, 2010 at 4:45 PM, Ray Van Dolson <rayvd@xxxxxxxxxxxx> wrote:
>>> On Wed, Aug 11, 2010 at 04:38:22PM +0100, Matt Keating wrote:
>>>> Hi,
>>>>
<SNIP>
>>>>
>>>> The 'passwd' command only recognises the first 9 characters too...
>>>>
>>>> Has anyone seen this before, or know how to fix it? I feel its a major
>>>> security risk and would like it fixed ASAP.
>>> Sounds like you're using DES password hashes instead of the newer MD5
>>> style.
>>>
>>> If you take a peek at some of the password entries in your /etc/shadow
>>> do they have a $1$ at the beginning? If not, you're probably using DES
>>> which is limited to 8 characters.
>> Sounds like you're on the money. I didn't install this server, so I
>> didn't choose the security stuff.
>> Passwords don't start with $....
>>
<SNIP>
>
> $ sudo authconfig --usemd5 --updateall
>
> Done!
>
> Thanks Ray!
One subject for concern (even if it is too late, for you now), is if that box is serving NIS/LDAP to
an older sunos/solaris/[other old Unix] system (how IT would be up to to date security wise is
another question), then you may have a problem if the sun has not been updated to handle MD5
pass-phrase hashes.
Now you know why the old sun guy in the corner is confused about why he can't login. :)
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
