From Bugzilla Helper: User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-13 i686) Description of problem: I am running as root and I am changing a password for user bob as: passwd bob New password: 123456789 Retype new pasword: 123456789 passwd: all authentication tokens updated successfully Then I want to log in as bob. Unfortunately, when I use the 123456789 as password, I will not be let in. But when I use 12345678 as password, I will be let in. This is for crypt passwords. I understand that only 8-characters of the password are in fact used, but the salt is computed from the whole password (I assume this is your bug). Please correct it, since it is very anoying to count letters in my passwords. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.Log in as root and change the password for the user account to be longer than 8 characters, e.g., 123456789 It is assumed that you chose the crypt passwords (not MD5) 2.Try to log in to the account with password 123456789. You will fail 3.Try to log in to the account with 12345678 (1st 8 chars) and you are in. Expected Results: The necessary truncation of the password should be done withing software, not by the user counting characters in his/her password. This is a new behaviour in 7.2 Additional info:
This should be resolved in the pam errata at: https://www.redhat.com/support/errata/RHBA-2001-149.html Please reopen this bug ID if you find that this is not the case.