Red Hat Bugzilla – Bug 690
Root password not secure in RedHat 5.2 (kernel-2.0.36-3, etc.)
Last modified: 2008-05-01 11:37:48 EDT
I'm new at this, so I don't know if this is my fault or not, but my impression is that a root password should not allow one to login as root without the *exact* root password, where exact means specifically the *exact* combination of upper/lowercase characters/numbers chosen. I have patched RH 5.2 to all the latest RPMS (including the ones released 3 Jan '99, kernel-2.0.36-3, pam-0.64-4, etc.), but I have found that to login as root on my PC, I need only type in the first eight of the sixteen alpha characters I manually assigned to the root password. Again, I don't believe this falls directly under a problem of the 2.0.36-3 kernel, but I'm new to this and don't know exactly which part of the linux modules this falls under. Thanks very much!
AFAIK it's not a bug but a feature: traditional UNIX des/crypt password authentication limits passwords to eight characters. I believe you can use longer passwords with the PAM md5 module.
Not a bug... rtfm.
Passwords by default as shipped with 5.2 are limited to 8 characters.