Red Hat Bugzilla – Bug 57839
Incorrect behaviour of crypt passwords
Last modified: 2007-04-18 12:38:49 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-13 i686)
Description of problem:
I am running as root and I am changing a password for user bob as:
New password: 123456789
Retype new password: 123456789
passwd: all authentication tokens updated successfully
Then I want to log in as bob. Unfortunately, when I use the
123456789 as password, I will not be let in. But when I use
12345678 as password, I will be let in. This is for crypt passwords.
I understand that only 8 characters of the password are in fact
used, but the salt is computed from the whole password (I assume this
is your bug). Please correct it, since it is very annoying to count
letters in my passwords.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in as root and change the password for the user account to
be longer than 8 characters, e.g., 123456789
It is assumed that you chose the crypt passwords (not MD5)
2. Try to log in to the account with password 123456789. You will fail
3. Try to log in to the account with 12345678 (1st 8 chars) and you are in.
Expected Results: The necessary truncation of the password should be done
within software, not by the user counting characters in his/her password.
This is a new behaviour in 7.2
This should be resolved in the pam errata at:
Please reopen this bug ID if you find that this is not the case.
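
Added example, not part of the original report or of the pam code: a small audit sketch for the crypt-versus-MD5 distinction the report depends on. It shows the key material traditional crypt(3) takes from a password (the low 7 bits of the first eight characters) and flags shadow-style entries that still hold a traditional crypt hash. The function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def des_key_material(password: str) -> bytes:
    """Bytes traditional crypt(3) uses as its 56-bit key:
    the low 7 bits of each of the first eight characters."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes(b & 0x7F for b in raw)

def classify(hash_field: str) -> str:
    """Name the scheme of a shadow password field."""
    field = hash_field.lstrip("!")        # a leading '!' marks a locked account
    if field.startswith("$1$"):
        return "md5-crypt"
    if field.startswith("$"):
        return "other-modular"
    if DES_CRYPT.fullmatch(field):
        return "des-crypt"
    return "no-password-hash"             # '*', '!!', empty, ...

def audit_shadow(text: str) -> list:
    """Return the users whose stored hash truncates passwords at 8 characters."""
    flagged = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or line.lstrip().startswith("#"):
            continue
        if classify(fields[1]) == "des-crypt":
            flagged.append(fields[0])
    return flagged

# Constructed sample entries; the hash values are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$1$constrct$XXXXXXXXXXXXXXXXXXXXXX:11650:0:99999:7:::
bob:abXXXXXXXXXXX:11650:0:99999:7:::
daemon:*:11650:0:99999:7:::
carol:!!:11650:0:99999:7:::
"""

if __name__ == "__main__":
    same = des_key_material("123456789") == des_key_material("12345678")
    print("123456789 and 12345678 give the same DES key material:", same)
    print("accounts on traditional crypt:", audit_shadow(SAMPLE_SHADOW))
```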