SUMMARY: Enhanced security passwords from Javier M. Pereira on 1996-05-24 (tru64-unix-managers)

From: Javier M. Pereira <javier_at_sobrino.eui.upm.es>
Date: Thu, 23 May 1996 13:56:34 +0000 (GMT)

Thank you very much, Kevin

Javier M. Pereira Wrote ...
>
> Hi,
>
> We have an Alpha 2000/300 running Digital Unix 3.0
> We have just gone into Enhanced Security mode running secsetup
> and editing with a script the files created in /tcb/files/auth/[a-z]
> filling the u_pwd field with the password field in /etc/passwd.

Under 3.2C, secsetup will automatically copy the password entries. It's
very strange that it didn't do it for you in 3.0
>
> The same procedure for every account.
>
> And the problem is that some users login using his password with no problems,
> but some can not login. The message is "Login incorrect"
>
> The question is why a user can login using having his passwd field in
> /etc/passwd moved to the u_pwd field and other can not. Does it have to
> be with u_oldcrypt ?

Let me guess, all users whose passwords are longer than 8 characters don't
work? Easy, just type the first 8 characters.

Under the standard (/etc/passwd) security, only 8 characters of your
password are ever encrypted. Under enhanced security, all characters are
encrypted. So, all you need to do is tell your users that if their password
is longer than 8 chars then they must only use the first 8 until they
change their password.
>
> I have also noticed that once used /sbin/passwd the encrypted passwd is
> longer than 13 characters.
>
> For instance:
>
> passwd: okupacion1
> encrypted passwd in /etc/passwd : mWagztXK33cCE
> encrypted passwd in u_pwd : V6fdcy7G0B.fQ4NQfDvhAHQM
>
> If a put mWagztXK33cCE in u_pwd it does not work

Exactly. But type in 'okupacio' as the password and it will work.

Here is an extract from the motd on the machine we upgraded a few months
ago:

: If your password as at 28 Feb 1996 was longer than 8 characters, then you
: must only enter the first 8 for it to be accepted. If you change your
: password subsequent to that, up to 20 characters will be significant from
: then on.

-- 
[======================================================================]
[     Kevin Lentin               Email: K.Lentin_at_cs.monash.edu.au      ]
[   finger kevinl_at_fangorn.cs.monash.edu.au for PGP public key block.   ]
[  KeyId: 06808EED    FingerPrint: 6024308DE1F84314  811B511DBA6FD596  ]
[======================================================================]

Received on Thu May 23 1996 - 15:15:07 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:46 NZDT