Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Linux, RHEL 5 - password. Only 8 characters are being seen

Posted on 2014-04-15
6
Medium Priority
?
1,024 Views
Last Modified: 2014-04-25
I changed a password to a more complex password. But only the first 8 characters are recognized.

For example:

MyPassword437882

...if you just type

MyPasswo

...it gets you in.

How do I fix this on new and/or existing accounts?
0
Comment
Question by:Viclyn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 20

Expert Comment

by:simon3270
ID: 40002371
That's very "old school"!  That behaviour was removed from most Linuxes in 2000 or so.

Have some of the entries in /etc/pam.d been removed?  Or if you haven't got pam.d, is there anything in /etc/pam.conf which might limit the checking of passwords?
0
 

Author Comment

by:Viclyn
ID: 40002401
I don't see a pam.conf file, but I do have a pam.d directory. I'm not sure what needs to be modified or if anything was removed. To the best of my knowledge, nothing was removed.
0
 
LVL 20

Expert Comment

by:simon3270
ID: 40003526
I don't have a RHEL 5 machine handy, but on RHEL 6 I have:
[root@ms1 ~]# ls /etc/pam.d/
atd          eject                other             reboot        screen             ssh-keycat            system-auth
chfn         fingerprint-auth     passwd            remote        smartcard-auth     su                    system-auth-ac
chsh         fingerprint-auth-ac  password-auth     rhn_register  smartcard-auth-ac  subscription-manager
config-util  halt                 password-auth-ac  run_init      smtp               sudo
crond        login                polkit-1          runuser       smtp.postfix       sudo-i
cvs          newrole              poweroff          runuser-l     sshd               su-l
[root@ms1 ~]# 

Open in new window

0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 30

Assisted Solution

by:serialband
serialband earned 1000 total points
ID: 40004806
From:  https://access.redhat.com/site/articles/2718


How do I change the default password length?
Updated August 18 2005 at 10:00 PM

The default password length is usually 8 characters. In order to improve security longer passwords can be enforced. Pluggable Authentication Module (PAM) is used for login authentication. We will make changes to the pam_cracklib module to control how the user authenticates.

Important: Make sure to make a backup of your /lib/security directory and your /etc/pam.d/system-auth before making any changes. Making changes to PAM can cause a system to become inaccessible.

Create backup then list contents of the tar file:

# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/*
# tar -tf backup.tar

Open file /etc/pam.d/system-auth file with an editor such as vi. Inside the /etc/pam.d/system-auth file you will find line:

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 type=

Replace the line with:

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3  minlen=10

Notes:

    Make the changes carefully. If a change is made and the system becomes inaccessible, go into rescue mode and replace the files with the backup files previously created.

    Once the proper changes have been made to the system-auth file and everything is working as desired, a backup of the new system-auth should be made. If the authconfig command is used, it will overwrite the system-auth file.

    If a single digit number is used in the password, an extra character must be used in the password.

More detailed information about Pluggable Authentication Module can be found in additional Knowledgebase articles.

Additional reference material can be found at: http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords
0
 
LVL 20

Expert Comment

by:simon3270
ID: 40006081
+1 for the "Making changes to PAM can cause a system to become inaccessible." - when I was checking this, I moved the contents of /etc/pam.d to see what would happen.  Unfortunately I did it on my laptop, rather than the Virtual Machine I thought I was working in, and found that sudo and su stopped working.  i had to boot with a live CD to allow me to move the contents back to get a working system!
0
 
LVL 62

Accepted Solution

by:
gheist earned 1000 total points
ID: 40006693
8 significant digits in password means you are using low-grade DES encryption
While PAM will ask you to have 10 digit password, still 8 digits will be significant.
You need to run
# authconfig --enablemd5
then you can have unlimited length salted md5 passwords
users will get secure password once they change password (if you prefer to force them drop a line here and we will help you with the script)
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question