bug#21318: Only the first 8 characters of passwords are significant

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#21318: Only the first 8 characters of passwords are significant

From:	Mark H Weaver
Subject:	bug#21318: Only the first 8 characters of passwords are significant
Date:	Sat, 22 Aug 2015 01:20:22 -0400

yenda on #guix reported that when typing user passwords, only the first
8 characters need to be typed correctly to successfully log in.

DusXMT on #guix mentioned that [GNU/]Linux From Scratch instructs users
to change "#ENCRYPT_METHOD_DES" to "ENCRYPT_METHOD_SHA512" in
etc/login.defs:

  http://www.linuxfromscratch.org/lfs/view/stable/chapter06/shadow.html

I tried modifying both /etc/login.defs and etc/login.defs in our
'shadow' package recipe, and then tried updating my password entry with
'passwd' but it still only pays attention to the first 8 characters.

'strace' reveals that 'passwd' doesn't even look for any file named
"login.defs".

I'm not sure what's going on here, but it would be good to fix it soon.

     Mark

[Prev in Thread]

Current Thread

[Next in Thread]

bug#21318: Only the first 8 characters of passwords are significant, Mark H Weaver <=
- bug#21318: Only the first 8 characters of passwords are significant, 宋文武, 2015/08/22
- bug#21318: Fixed, 宋文武, 2015/08/25
- bug#21318: Fixed, 宋文武, 2015/08/25

Prev by Date: bug#21280: test failures: nar, syscalls, containers
Next by Date: bug#21318: Only the first 8 characters of passwords are significant
Previous by thread: bug#21289: 'guix lint' reporting of unpatched CVEs
Next by thread: bug#21318: Only the first 8 characters of passwords are significant
Index(es):
- Date
- Thread