*BSD News Article 60166


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!nntp.coast.net!swidir.switch.ch!in2p3.fr!univ-lyon1.fr!jussieu.fr!infobiogen.fr!sansgene.genethon.fr!julienas!news2.EUnet.fr!EU.net!newsfeed.internetmci.com!in1.uu.net!csn!nntp-xfer-2.csn.net!symbios.com!southwind.net!complete.org!not-for-mail
From: jgoerzen@complete.org (John Goerzen)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.unix.admin
Subject: Password security
Date: 24 Jan 1996 15:55:33 -0600
Organization: Communications Centre (+1 316 367 8490)
Lines: 22
Message-ID: <4e69sl$6ci@complete.org>
NNTP-Posting-Host: complete.org
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:12880 comp.unix.admin:37618


I am running FreeBSD 2.1.0R.

Two questions.

First, is it possible to increase the maximum length of login passwords
beyond 8 characters without modifying any sources?  If not, which source(s)
do I need to modify in order to achieve that?

Secondly, using Kerberos.  I have detected what appears to be a flaw with
the su program, although it could just be configuration error on my part. 
When somebody issues a su command to su to root, su will prompt them for a
password.  They can enter anything they want the first time.  It will prompt
for password again, and this time, if they enter root's login password, they
will be su'd to root.

Thanks.

-- 
John Goerzen, programmer and owner | Use #10 for your Win95 CD: it makes |
Communications Centre, Goessel, KS | an excellent cupholder.             |
Main e-mail: jgoerzen@complete.org | #11: Nice decorations 2 hang on wall|