
Linux maximum password length

Posted on 2007-08-06
Last Modified: 2013-12-16
Hi, I want to find out the maximum password length configuration in Linux. Does Linux usually have this config? If so, where can I find the system setting for it? Thanks.
Question by:nenrico
11 Comments
 
LVL 7

Accepted Solution

by:
ezaton earned 300 total points
ID: 19642415
On modern Linux systems:
/etc/pam.d/common-password
On legacy and older systems:
/etc/login.defs
0
 

Author Comment

by:nenrico
ID: 19642482
I assume if no such setting exists in those files, then the maximum password length setting is not set?
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 75 total points
ID: 19643209
Linux passwords are stored as an MD5 hash.  A password can be a maximum of 255 characters.

login.defs doesn't have any settings to control the password length (not sure about common-passwd)
0
LVL 43

Expert Comment

by:ravenpl
ID: 19643536
Some linuxes store passwords as MD5 and some as SHA1 and some as BlowFish hashes.
No limit on password there.
You can verify that by setting passwords longer than 255 characters: the resulting hash differs for different passwords with common first 256 chars.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 19644117
Oh, I adore it when someone accepts an incorrect solution...
0
 
LVL 7

Expert Comment

by:ezaton
ID: 19649253
I was wondering if I should comment on that. I don't know who you are or what you are, but the place to set the maximum length of a password (or the length that counts) is where I have stated. Don't believe me? Please check it for yourself. The question was not what is the max length, but the configuration option for it.
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 19649317
ezaton: Your answer is more or less OK. But /etc/pam.d/common-password is not available on my modern FC nor on an up-to-date Gentoo.
Tintin's totally wrong. No limit at 255 chars, login.defs has the option to limit max pass length.
0
 
LVL 7

Expert Comment

by:ezaton
ID: 19649630
Check your /etc/pam.d/password (or passwd). Modern systems avoid using login.defs.
RHEL4 uses common-password which /etc/pam.d/password points at.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 19649828
Let me say that I was indeed wrong.  I was basing my information on the maximum length of MD5 passwords in Solaris, and I naively assumed the same applied to Linux.

ezaton, please read the original question again.  It explicitly asks for what the maximum password length is and where it can be set.

I do note that on my Debian 3.1 server, there is an entry in /etc/login.defs for

PASS_MAX_LEN            8

However, this option is not mentioned anywhere in the man page and doesn't exist on any of the various Redhat servers I have access to.

I do note that Debian 3.1 has /etc/pam.d/common-password and the more standard /etc/pam.d/passwd (which just includes common-password) and that it can be configured to set a maximum password length.  The Debian entry has:

password   required   pam_unix.so nullok obscure min=4 max=8 md5

and this is documented in the pam_passwdqc on Redhat systems.

So let's summarise here.  On any recent Redhat/CentOS and probably Fedora (don't have access to a Fedora box at the moment) the maximum password length is practically unlimited.  This probably applies to most other distributions, but as we've seen, there can be subtle but important differences as to how they are configured.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 19649863
ezaton.

You say RHEL4 /etc/pam.d/password points to /etc/pam.d/common-password.  That's not what I've found.

On a CentOS 4.4 server

/etc/pam.d/password contains

#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

and there is no common-password file

on a RHEL4 update 5 server, exactly the same as above applies.

0
 
LVL 7

Expert Comment

by:ezaton
ID: 19651707
Sorry. My bad. On RHEL4, same as you saw, on Ubuntu's PAM (7.04 server):
/etc/pam.d/passwd:
#
# The PAM configuration file for the Shadow `passwd' service
#

@include common-password

On /etc/pam.d/common-password:
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define  the services to be
#used to change user passwords.  The default is pam_unix

# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5 passwords)
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.

password   required   pam_unix.so nullok obscure min=4 max=8 md5

# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required       pam_cracklib.so retry=3 minlen=6 difok=3
# password required       pam_unix.so use_authtok nullok md5

Same directives WOULD work in RHEL4 for pam_unix.so.
0
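An added example, not code from any poster in this thread: a small audit helper that follows both indirection styles quoted above (`@include` on Debian/Ubuntu, `pam_stack.so service=` on RHEL4/CentOS 4) and reports any password length options it finds, plus `PASS_MAX_LEN` from login.defs. The function names are hypothetical, `SAMPLE_FILES` is constructed from the lines quoted in the thread, and the `system-auth` content is an assumed example.

```python
import re

# Constructed in-memory copies of files quoted in the thread; system-auth content is assumed.
SAMPLE_FILES = {
    "/etc/pam.d/passwd": "@include common-password\n",
    "/etc/pam.d/common-password":
        "password   required   pam_unix.so nullok obscure min=4 max=8 md5\n"
        "# password required       pam_cracklib.so retry=3 minlen=6 difok=3\n",
    "/etc/pam.d/password":
        "#%PAM-1.0\n"
        "password   required     pam_stack.so service=system-auth\n",
    "/etc/pam.d/system-auth":
        "password   sufficient   pam_unix.so nullok use_authtok md5 shadow\n",
    "/etc/login.defs": "PASS_MAX_LEN            8\n",
}
LENGTH_OPTS = {"min", "max", "minlen"}
PAM_LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def pam_length_limits(service, files, seen=None):
    """Return (file, module, option, value) for length options on password lines."""
    seen = set() if seen is None else seen
    path = "/etc/pam.d/" + service
    if path in seen or path not in files:    # include-loop guard / missing file
        return []
    seen.add(path)
    found = []
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out lines do not count
        parts = line.split()
        if len(parts) == 2 and parts[0] == "@include":    # Debian/Ubuntu style
            found += pam_length_limits(parts[1], files, seen)
            continue
        m = PAM_LINE.match(line)
        if not m or m.group(1) != "password":
            continue
        for arg in m.group(4).split():
            key, _, val = arg.partition("=")
            if m.group(3) == "pam_stack.so" and key == "service":  # RHEL4 style
                found += pam_length_limits(val, files, seen)
            elif key in LENGTH_OPTS and val.isdigit():
                found.append((path, m.group(3), key, int(val)))
    return found

def login_defs_max_len(text):
    """Return PASS_MAX_LEN from login.defs text, or None when it is not set."""
    m = re.search(r"^[ \t]*PASS_MAX_LEN[ \t]+(\d+)", text, re.M)
    return int(m.group(1)) if m else None
```

To audit a real host, build the `files` dictionary from the contents of `/etc/pam.d/*` and pass the text of `/etc/login.defs` to `login_defs_max_len`.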
