Re: sshd bug?




Matt Keating wrote, On 08/11/2010 12:17 PM:
> On Wed, Aug 11, 2010 at 4:57 PM, Matt Keating <keatster@xxxxxxxxx> wrote:
>> On Wed, Aug 11, 2010 at 4:45 PM, Ray Van Dolson <rayvd@xxxxxxxxxxxx> wrote:
>>> On Wed, Aug 11, 2010 at 04:38:22PM +0100, Matt Keating wrote:
>>>> Hi,
>>>>
<SNIP>
>>>>
>>>> The 'passwd' command only recognises the first 9 characters too...
>>>>
>>>> Has anyone seen this before, or know how to fix it? I feel it's a major
>>>> security risk and would like it fixed ASAP.
>>> Sounds like you're using DES password hashes instead of the newer MD5
>>> style.
>>>
>>> If you take a peek at some of the password entries in your /etc/shadow
>>> do they have a $1$ at the beginning?  If not, you're probably using DES
>>> which is limited to 8 characters.
>> Sounds like you're on the money. I didn't install this server, so I
>> didn't choose the security stuff.
>> Passwords don't start with $....
>>
<SNIP>
> 
> $ sudo authconfig --usemd5 --updateall
> 
> Done!
> 
> Thanks Ray!

One subject for concern (even if it is too late for you now) is if that box is serving NIS/LDAP to
an older SunOS/Solaris/[other old Unix] system (how IT would be up to date security-wise is
another question), then you may have a problem if the Sun has not been updated to handle MD5
pass-phrase hashes.

Now you know why the old Sun guy in the corner is confused about why he can't log in. :)
-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
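
Added example, not part of the original thread: a shell check that classifies each /etc/shadow-style entry by hash scheme, so accounts still on 8-character DES crypt can be found after the switch to MD5 (existing hashes stay as they are until each password is changed). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify one shadow password field by its hash scheme.
classify_hash() {
    h=$1
    [ -n "$h" ] || { echo empty; return; }
    # Leading "!" marks a locked account; a hash may still follow it.
    while [ "${h#\!}" != "$h" ]; do h=${h#\!}; done
    case $h in
        ''|'*')            echo locked ;;         # no usable hash
        '$1$'*)            echo md5 ;;            # MD5 crypt, as Ray describes
        '$'*)              echo other-modular ;;  # any other $id$ scheme
        *[!./0-9A-Za-z]*)  echo unknown ;;        # not the crypt alphabet
        ?????????????)     echo des ;;            # 13 chars: traditional DES crypt
        *)                 echo unknown ;;
    esac
}

# Read shadow-format lines on stdin, print "user scheme" per entry.
audit_shadow() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_hash "$hash")"
    done
}

# Constructed sample entries (not real hashes) so the script runs offline.
sample_shadow() {
    cat <<'EOF'
alice:ab0123456789A:14832:0:99999:7:::
bob:$1$Zx8kQ2pL$0123456789abcdefghijkl:14832:0:99999:7:::
carol:!!:14832:0:99999:7:::
dave:!ab0123456789A:14832:0:99999:7:::
EOF
}

# On a real host, run as root: audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```

Entries reported as `des` only accept the first 8 characters of the password and need a password change to be rehashed under the new setting.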
