Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 690 - Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
5.2
i386 Linux
high Severity medium
: ---
: ---
Assigned To: David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-01-05 05:48 EST by crimsun
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-01-05 17:22:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description crimsun 1999-01-05 05:48:21 EST 
I'm new at this, so I don't know if this is my fault or not,
but my impression is that a root password should not allow
one to login as root without the *exact* root password,
where exact means specifically the *exact* combination of
upper/lowercase characters/numbers chosen.  I have patched
RH 5.2 to all the latest RPMS (including the ones released 3
Jan '99, kernel-2.0.36-3, pam-0.64-4, etc.), but I have
found that to login as root on my PC, I need only type in
the first eight of the sixteen alpha characters I manually
assigned to the root password.  Again, I don't believe this
falls directly under a problem of the 2.0.36-3 kernel, but
I'm new to this and don't know exactly which part of the
linux modules this falls under.  Thanks very much!
Comment 1 pablo 1999-01-05 10:12:59 EST 
AFAIK it's not a bug but a feature: traditional UNIX
des/crypt password authentication limits passwords to eight
characters.
I believe you can use longer passwords with the PAM md5 module.
Comment 2 seva 1999-01-05 13:14:59 EST 
Not a bug... rtfm.
Comment 3 David Lawrence 1999-01-05 17:22:59 EST 
Passwords by default as shipped with 5.2 are limited to 8 characters.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.