Bug 690 - Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
5.2
i386 Linux
high Severity medium
: ---
: ---
Assigned To: David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-01-05 05:48 EST by crimsun
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-01-05 17:22:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description crimsun 1999-01-05 05:48:21 EST
I'm new at this, so I don't know if this is my fault or not,
but my impression is that a root password should not allow
one to login as root without the *exact* root password,
where exact means specifically the *exact* combination of
upper/lowercase characters/numbers chosen.  I have patched
RH 5.2 to all the latest RPMS (including the ones released 3
Jan '99, kernel-2.0.36-3, pam-0.64-4, etc.), but I have
found that to login as root on my PC, I need only type in
the first eight of the sixteen alpha characters I manually
assigned to the root password.  Again, I don't believe this
falls directly under a problem of the 2.0.36-3 kernel, but
I'm new to this and don't know exactly which part of the
linux modules this falls under.  Thanks very much!
Comment 1 pablo 1999-01-05 10:12:59 EST
AFAIK it's not a bug but a feature: traditional UNIX
des/crypt password authentication limits passwords to eight
characters.
I believe you can use longer passwords with the PAM md5 module.
Comment 2 seva 1999-01-05 13:14:59 EST
Not a bug... rtfm.
Comment 3 David Lawrence 1999-01-05 17:22:59 EST
Passwords by default as shipped with 5.2 are limited to 8 characters.

Note You need to log in before you can comment on or make changes to this bug.