Solved

15 Character Passwords on Unix/Solaris.

Posted on 2007-03-27
10
1,484 Views
Last Modified: 2013-12-04
Is there any functionality issues with a 15 character password on UNIX/Solaris machines – or those that communicate with non UNIX/Solaris machines?
0
Comment
Question by:jbowlin
10 Comments
 
LVL 45

Expert Comment

by:Kdo
ID: 18801500
Hello jbowlin,

If you're staying within the unix realm, a 15 character password shouldn't be an issue.  (Though that sounds like overkill to me.....)

Some applications, particularly some IBM products, require shorter passwords.


Good Luck,
Kent
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18804433
By default Solaris (and most other Unix flavours) will only recognise the first 8 characters of a password.

So if you set your password to

abcdefgh123

You could type in

acbdefgh38udsfkhsfksfu

or

abcdefgh

and your password would be accepted.

You can increase the maximum length of passwords on Solaris =>9 systems to 255 characters, by editing /etc/security/policy.conf and set

CRYPT_ALGORITHMS_ALLOW=1,2a,md5
CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=1
0
 
LVL 38

Expert Comment

by:yuzh
ID: 18805101
For Solaris you can edit /etc/default/passwd file to have longer password length
PASSLENGTH=x

But keep in mind, many application has a limit to 8 char for
password, eg the old Solstice adm suit for NIS+ etc.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:jbowlin
ID: 18810110
This is for Solaris 8.
It is a mandated by a Government Agency no choice in the matter.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18812201
With Solaris 8, you are stuck with a maximum recognised password length of 8.
0
 
LVL 38

Expert Comment

by:yuzh
ID: 18813134
You can set:
PASSLENGTH=15
to require passwords to be a minimum of 15 charts (if you are using /etc/passwd /etc/shadow files) but soem other app
might not like it.  (It can become an app issure, not the OS issue).
0
 
LVL 48

Accepted Solution

by:
Tintin earned 500 total points
ID: 18813268
yuzh.

Setting PASSLENGTH to 15 is pretty pointless when the last 7 characters of the password are going to be ignored.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 19076015
BTW this was fixed in Solaris 10
0
 
LVL 48

Expert Comment

by:Tintin
ID: 19081940
Chris.

Wasn't really "fixed" in Solaris 10.  Solaris =>9 has the option to set MD5 passwords (as used on BSD/Linux) in /etc/security/policy.conf, which has a maximum password length of 255.

Setting PASSLENGTH without changing this setting, still won't make any difference.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question