Bug 690 - Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Summary: Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 5.2
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-01-05 10:48 UTC by crimsun
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 1999-01-05 22:22:38 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description crimsun 1999-01-05 10:48:21 UTC 
I'm new at this, so I don't know if this is my fault or not,
but my impression is that a root password should not allow
one to login as root without the *exact* root password,
where exact means specifically the *exact* combination of
upper/lowercase characters/numbers chosen.  I have patched
RH 5.2 to all the latest RPMS (including the ones released 3
Jan '99, kernel-2.0.36-3, pam-0.64-4, etc.), but I have
found that to login as root on my PC, I need only type in
the first eight of the sixteen alpha characters I manually
assigned to the root password.  Again, I don't believe this
falls directly under a problem of the 2.0.36-3 kernel, but
I'm new to this and don't know exactly which part of the
linux modules this falls under.  Thanks very much!
Comment 1 pablo 1999-01-05 15:12:59 UTC 
AFAIK it's not a bug but a feature: traditional UNIX
des/crypt password authentication limits passwords to eight
characters.
I believe you can use longer passwords with the PAM md5 module.
Comment 2 seva 1999-01-05 18:14:59 UTC 
Not a bug... rtfm.
Comment 3 David Lawrence 1999-01-05 22:22:59 UTC 
Passwords by default as shipped with 5.2 are limited to 8 characters.
Note You need to log in before you can comment on or make changes to this bug.