SUMMARY: Password size

From: Orson Galvão <galvao_at_jacaranda.uescba.com.br>
Date: Mon, 03 Aug 1998 10:23:15 -0300

Many and special thanks to:

Dr. Tom Blinn
Martin MOKREJS
Marie-Claude Vialatte

My Original Question:

> Hello Managers:
>
> How can I change the minimum and/or maximum password length in a base
> security system?
>
> Thanks
>
> Orson Voerckel Galvao
> Universidade Estadual de Santa Cruz
> Bahia - Brazil


And all agree that the response is....

        You CAN'T modify the default minimum and maximum password size if
using the BASE security option.

        If you want to do so, you must migrate to ENHANCED security mode.

But....

        I found my system (DU 4.0b) accepting passwords with five characters
instead of the minimum size of six characters as stated in the man pages
(a bug???), using the BASE security mode.

Below are the original answers, and some interesting advice on migrating
to C2:

From Dr. Tom Blinn:
===================

Get the sources for ALL of the software that does anything with passwords.
Modify the software to have different limits.

Then use your modified software (but be prepared to support it and deal
with porting it if you ever want to upgrade).

In other words, you can't.

> Hello Mr. Tom Blinn
>
> I have seen at the passwd man page that must have at least six
> characters. But my machine accepts five characters. What is going wrong?
>
> Thank you for your previous response
>
> Orson Voerckel Galvao
>
> Universidade Estadual de Santa Cruz
> Bahia - Brazil

You are correct that the passwd reference page says that each password
must have at least 6 characters.

The code in the passwd program simply calls the sia_chg_password()
routine, and that routine calls the relevant "change password" routine
in libc.so or in libsecurity.so (depending on the security level in
effect). I've looked at the code in the libc routine getnewpasswd and as
far as I can tell, it has a lower length limit of 4 characters, not 5. I
may be misunderstanding the code; it's not really obvious just what it's
doing. But here's the test I believe is relevant:

        if (strlen(pwbuf) <= 4)
                {
                sia_warning(collect, MSGSTR(LONGER, "Please enter a longer password."));
                }

You could confirm this is the limit by trying really short passwords;
one, two, three, four, five characters.

In any case, you may well have found a bug. If you report it through the
formal problem reporting mechanisms, it might get fixed in a future
release of DIGITAL UNIX; I would not hold out a lot of hope for a patch,
since it's in a libc routine.

Tom

I CONFIRM; MY MACHINE ACCEPTS FIVE-CHARACTER PASSWORDS... Orson Galvão

From Mr Martin Mokrejs
======================

It can be of, I think, any size up to 255 chars, BUT the system checks
only the first 8 chars (set pass as 1234567890, and log in with 12345678).

So actually the size is limited to 8.
Martin


From Marie-Claude Vialatte
==========================


See default(4) and prpasswd(4).

To set min to 6 and max to 10, you must put
        u_minlen#6 and u_maxlen#10

either in user entry or in default entry.

You can modify one user entry by dxaccounts(8) :
   - click 2 times on the user icon
   - click "security" button
   - move slides for min and max length
or by edauth(8) : edauth -d p user
   - add u_minlen and u_maxlen fields

You can modify default entry by edauth(8) : edauth -d d default
  - add u_minlen and u_maxlen fields

Marie-Claude Vialatte

> Hello Vialatte:
>
> Thank you a lot for your response. But as I was afraid, this only works
> if using the enhanced security; unfortunately this is not my case.

        yes

> Well, I think I am going to spend a whole weekend migrating from base to
> enhanced security mode.

        Attention, read the documentation carefully before changing
        security level.

        There are some consequences, not only for accounts and
        passwords : see also devassign(4) and ttys(4).

Marie-Claude Vialatte

========================================================================
End of Summary
Received on Mon Aug 03 1998 - 13:10:16 NZST
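
An added example, not part of the original thread and not DIGITAL UNIX code: a Python check that resolves each account's effective u_minlen and u_maxlen from the fields Marie-Claude Vialatte names and flags accounts below a site minimum. The colon-separated entry layout, the precedence of a user field over the default entry, the sample entries and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample entries (not from a real system). Assumed layout:
# colon-separated fields, numeric fields written name#value as in the
# u_minlen#6 form quoted in the thread.
DEFAULT_ENTRY = "default:u_minlen#6:u_maxlen#10:chkent:"
USER_ENTRIES = [
    "alice:u_name=alice:u_id#201:u_minlen#8:u_maxlen#16:chkent:",
    "bob:u_name=bob:u_id#202:chkent:",
    "carol:u_name=carol:u_id#203:u_minlen#4:chkent:",
]

NUMERIC_FIELD = re.compile(r"^([A-Za-z_]\w*)#(\d+)$")

def parse_entry(line):
    """Return (entry_name, {numeric_field: int}) for one entry line."""
    fields = [f.strip() for f in line.strip().split(":")]
    name, numeric = fields[0], {}
    for field in fields[1:]:
        m = NUMERIC_FIELD.match(field)
        if m:  # string (name=value) and flag fields are skipped
            numeric[m.group(1)] = int(m.group(2))
    return name, numeric

def effective_limits(user_line, default_line):
    """Assumption: a user field overrides the default entry's field."""
    user, ufields = parse_entry(user_line)
    _, dfields = parse_entry(default_line)
    merged = {**dfields, **ufields}
    return user, merged.get("u_minlen"), merged.get("u_maxlen")

def audit(user_lines, default_line, policy_min):
    """List (user, reason) for accounts whose effective limits are weak."""
    findings = []
    for line in user_lines:
        user, minlen, maxlen = effective_limits(line, default_line)
        if minlen is None:
            findings.append((user, "no u_minlen in user or default entry"))
        elif minlen < policy_min:
            findings.append((user, f"u_minlen {minlen} < policy {policy_min}"))
        if minlen is not None and maxlen is not None and maxlen < minlen:
            findings.append((user, f"u_maxlen {maxlen} < u_minlen {minlen}"))
    return findings

if __name__ == "__main__":
    for user, reason in audit(USER_ENTRIES, DEFAULT_ENTRY, policy_min=6):
        print(f"{user}: {reason}")
```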
