bug#21318: Only the first 8 characters of passwords are significant

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#21318: Only the first 8 characters of passwords are significant

From:	宋文武
Subject:	bug#21318: Only the first 8 characters of passwords are significant
Date:	Sat, 22 Aug 2015 22:32:03 +0800
User-agent:	Notmuch/0.19 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-unknown-linux-gnu)

Mark H Weaver <address@hidden> writes:

> yenda on #guix reported that when typing user passwords, only the first
> 8 characters need to be typed correctly to successfully log in.
>
> DusXMT on #guix mentioned that [GNU/]Linux From Scratch instructs users
> to change "#ENCRYPT_METHOD_DES" to "ENCRYPT_METHOD_SHA512" in
> etc/login.defs:
>
>   http://www.linuxfromscratch.org/lfs/view/stable/chapter06/shadow.html
>
> I tried modifying both /etc/login.defs and etc/login.defs in our
> 'shadow' package recipe, and then tried updating my password entry with
> 'passwd' but it still only pays attention to the first 8 characters.
>
> 'strace' reveals that 'passwd' doesn't even look for any file named
> "login.defs".
Yeah, when login using PAM (our case), login.defs is not used.
>
> I'm not sure what's going on here, but it would be good to fix it soon.
It turn out that add a 'sha512' to the argument of password pam entry do
the trick,  patch sent :-)

[Prev in Thread]

Current Thread

[Next in Thread]

bug#21318: Only the first 8 characters of passwords are significant, Mark H Weaver, 2015/08/22
- bug#21318: Only the first 8 characters of passwords are significant, 宋文武 <=
- bug#21318: Fixed, 宋文武, 2015/08/25
- bug#21318: Fixed, 宋文武, 2015/08/25

Prev by Date: bug#21318: Only the first 8 characters of passwords are significant
Next by Date: bug#21224: guix system init --no-grub doesn't work
Previous by thread: bug#21318: Only the first 8 characters of passwords are significant
Next by thread: bug#21318: Fixed
Index(es):
- Date
- Thread