Red Hat Bugzilla – Bug 690
Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Last modified: 2008-05-01 11:37:48 EDT
I'm new at this, so I don't know if this is my fault or not,
but my impression is that a root password should not allow
one to log in as root without the *exact* root password,
where exact means specifically the *exact* combination of
upper/lowercase characters/numbers chosen. I have patched
RH 5.2 to all the latest RPMS (including the ones released 3
Jan '99, kernel-2.0.36-3, pam-0.64-4, etc.), but I have
found that to log in as root on my PC, I need only type in
the first eight of the sixteen alpha characters I manually
assigned to the root password. Again, I don't believe this
falls directly under a problem of the 2.0.36-3 kernel, but
I'm new to this and don't know exactly which part of the
Linux modules this falls under. Thanks very much!
AFAIK it's not a bug but a feature: traditional UNIX
DES/crypt password authentication limits passwords to eight
I believe you can use longer passwords with the PAM md5 module.
Not a bug... rtfm.
Passwords by default as shipped with 5.2 are limited to 8 characters.
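
Added example, not part of the original bug thread: a Python sketch of why the reporter's sixteen-character password behaves like its first eight characters under traditional DES crypt, plus a check that lists accounts in a passwd/shadow-style file still stored in that format rather than MD5 (`$1$`). The function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, no "$" prefix.
DES_HASH = re.compile(r"[./0-9A-Za-z]{13}")

def des_crypt_key(password: str) -> bytes:
    """Key traditional crypt(3) derives: low 7 bits of each of the first
    8 bytes, shifted past the DES parity bit. Everything else is ignored."""
    raw = password.encode("latin-1")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)

def scheme(field: str) -> str:
    """Classify the password field of a passwd/shadow entry."""
    field = field.lstrip("!")          # "!" prefix marks a locked account
    if field.startswith("$1$"):
        return "md5"                   # MD5-based crypt, no 8-char limit
    if DES_HASH.fullmatch(field):
        return "des"                   # only 8 characters are significant
    return "none" if field in ("", "*", "x") else "other"

def audit(lines):
    """Return the accounts whose stored hash is traditional DES crypt."""
    flagged = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) >= 2 and not line.startswith("#") and scheme(parts[1]) == "des":
            flagged.append(parts[0])
    return flagged

# Constructed shadow-style entries; the hash strings are made up for the demo.
SAMPLE = [
    "root:ab9Xk2LmQ0pZs:10600:0:99999:7:::",
    "alice:$1$Qz8vT1ab$0123456789abcdefghijk.:10600:0:99999:7:::",
    "daemon:*:10600:0:99999:7:::",
    "bob:!cd7Yh3NnR1qAt:10600:0:99999:7:::",
]

if __name__ == "__main__":
    same = des_crypt_key("abcdefghijklmnop") == des_crypt_key("abcdefgh")
    print("16-char and 8-char passwords share a key:", same)
    print("accounts still on DES crypt:", audit(SAMPLE))
```

Accounts flagged by `audit` need a password change after MD5 hashing is enabled, because the stored hash is only replaced when the password is next set.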