jbowlin
asked on
15 Character Passwords on Unix/Solaris.
Is there any functionality issues with a 15 character password on UNIX/Solaris machines – or those that communicate with non UNIX/Solaris machines?
By default Solaris (and most other Unix flavours) will only recognise the first 8 characters of a password.
So if you set your password to
abcdefgh123
You could type in
acbdefgh38udsfkhsfksfu
or
abcdefgh
and your password would be accepted.
You can increase the maximum length of passwords on Solaris =>9 systems to 255 characters, by editing /etc/security/policy.conf and set
CRYPT_ALGORITHMS_ALLOW=1,2 a,md5
CRYPT_ALGORITHMS_DEPRECATE =__unix__
CRYPT_DEFAULT=1
So if you set your password to
abcdefgh123
You could type in
acbdefgh38udsfkhsfksfu
or
abcdefgh
and your password would be accepted.
You can increase the maximum length of passwords on Solaris =>9 systems to 255 characters, by editing /etc/security/policy.conf and set
CRYPT_ALGORITHMS_ALLOW=1,2
CRYPT_ALGORITHMS_DEPRECATE
CRYPT_DEFAULT=1
For Solaris you can edit /etc/default/passwd file to have longer password length
PASSLENGTH=x
But keep in mind, many application has a limit to 8 char for
password, eg the old Solstice adm suit for NIS+ etc.
PASSLENGTH=x
But keep in mind, many application has a limit to 8 char for
password, eg the old Solstice adm suit for NIS+ etc.
ASKER
This is for Solaris 8.
It is a mandated by a Government Agency no choice in the matter.
It is a mandated by a Government Agency no choice in the matter.
With Solaris 8, you are stuck with a maximum recognised password length of 8.
You can set:
PASSLENGTH=15
to require passwords to be a minimum of 15 charts (if you are using /etc/passwd /etc/shadow files) but soem other app
might not like it. (It can become an app issure, not the OS issue).
PASSLENGTH=15
to require passwords to be a minimum of 15 charts (if you are using /etc/passwd /etc/shadow files) but soem other app
might not like it. (It can become an app issure, not the OS issue).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BTW this was fixed in Solaris 10
Chris.
Wasn't really "fixed" in Solaris 10. Solaris =>9 has the option to set MD5 passwords (as used on BSD/Linux) in /etc/security/policy.conf, which has a maximum password length of 255.
Setting PASSLENGTH without changing this setting, still won't make any difference.
Wasn't really "fixed" in Solaris 10. Solaris =>9 has the option to set MD5 passwords (as used on BSD/Linux) in /etc/security/policy.conf,
Setting PASSLENGTH without changing this setting, still won't make any difference.
If you're staying within the unix realm, a 15 character password shouldn't be an issue. (Though that sounds like overkill to me.....)
Some applications, particularly some IBM products, require shorter passwords.
Good Luck,
Kent