Lucas Brasilino | 25 Aug 2004 18:29
popa3d problem with more than 8 character passwords.

Hi!

	I really don't know if it's a bug but I've
installed popa3d 0.6.4.1 with PAM support (AUTH_PAM)
and it's authenticating two passwords if they are
equal up to the 8th character. For example:

Real password: 1234567890

12345678 is authenticated.
12345678itsafeature? is authenticated...
and so on.

I'm using RH7.2, PAM 0.74, GLIBC 2.2.2, OpenSSL 0.9.6g

	Any help? Thanks in advance.

-- 

[]'s
Lucas Brasilino
brasilino@...
http://www.recife.pe.gov.br
Emprel -	Empresa Municipal de Informatica (pt_BR)
		Municipal Computing Enterprise (en_US)
Recife - Pernambuco - Brasil
Fone: +55-81-34167078

Daniel Leite | 25 Aug 2004 23:09

Re: popa3d problem with more than 8 character passwords.

Hi

On Wed, 25 Aug 2004 13:29:20 -0300
Lucas Brasilino <brasilino@...> wrote:
> 12345678 is authenticated.
> 12345678itsafeature? is authenticated...
> and so on.
> 
> I'm using RH7.2, PAM 0.74, GLIBC 2.2.2, OpenSSL 0.9.6g

	I think the problem is in Red Hat. IIRC, it defaults to normal
	crypt, which only supports 8 chars; you have to switch it to
	use MD5 so it can use more than 8 chars.

	Check /etc/shadow: if the passwords start with $1, it's MD5;
	if it's a 13-char field with letters and numbers, it's using the
	old crypt... Note that it's even possible that you have a mixed
	mode, some with normal crypt, others with MD5.

	IIRC, you can change the password setting in /etc/login.defs

daniel

Solar Designer | 26 Aug 2004 07:45

Re: popa3d problem with more than 8 character passwords.

On Wed, Aug 25, 2004 at 01:29:20PM -0300, Lucas Brasilino wrote:
> 	I really don't know if it's a bug but I've
> installed popa3d 0.6.4.1 with PAM support (AUTH_PAM)
> and it's authenticating two passwords if they are
> equal up to the 8th character. For example:
> 
> Real password: 1234567890
> 
> 12345678 is authenticated.
> 12345678itsafeature? is authenticated...
> and so on.

This has nothing to do with popa3d specifically.  Your system uses the
obsolete DES-based password hashes which have this limitation.

> I'm using RH7.2, PAM 0.74, GLIBC 2.2.2, OpenSSL 0.9.6g

So you need to configure your RH 7.2 to use the somewhat less obsolete
MD5-based hashes by editing /etc/pam.d/system-auth and adding the
option "md5" to the end of the "password" line.  Of course, this will
only affect newly changed passwords.

<plug>
You may also want to replace your RH 7.2 which reached end-of-life.
If you migrate to Openwall GNU/*/Linux (Owl), you will also get
non-obsolete password hashes supported out-of-the-box:

http://www.openwall.com/Owl/
http://www.openwall.com/crypt/
</plug>
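
An added example, not part of any post in this thread: because the "md5" option only affects newly changed passwords, this sketch lists which accounts in shadow-format text still carry a 13-character DES hash, and shows why the reported passwords collide under traditional crypt(3). The function names and the sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3) field: 2 salt + 11 hash characters from [./0-9A-Za-z].
DES_FIELD = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Name the hashing scheme of one /etc/shadow password field."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    if field.startswith("$1$"):
        return "md5"
    if field.startswith("$"):
        return "other-modular"
    if DES_FIELD.fullmatch(field):
        return "des"
    return "unknown"

def des_key_bytes(password):
    """Key material traditional crypt(3) takes from a password: the low
    7 bits of the first 8 bytes only; everything after that is ignored."""
    padded = password[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in padded)

def accounts_on_des(shadow_text):
    """Return user names whose stored hash is still traditional DES."""
    flagged = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        if classify(parts[1]) == "des":
            flagged.append(parts[0])
    return flagged

# Constructed sample in /etc/shadow layout; the hash strings are made up.
SAMPLE_SHADOW = """\
alice:abCDefGHijKLm:12650:0:99999:7:::
bob:$1$saltsalt$0123456789abcdefghijkl:12655:0:99999:7:::
carol:!!:12600:0:99999:7:::
daemon:*:12000:0:99999:7:::
erin:xyZ0./AbCdEfG:12590:0:99999:7:::
"""

if __name__ == "__main__":
    print("still on DES crypt:", accounts_on_des(SAMPLE_SHADOW))
    same = des_key_bytes(b"1234567890") == des_key_bytes(b"12345678itsafeature?")
    print("long passwords from the report share one DES key:", same)
```

Accounts it flags keep the 8-character limit until their passwords are changed under the new setting.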

Lucas Brasilino | 26 Aug 2004 13:26

Re: popa3d problem with more than 8 character passwords.

Hi Daniel:

>>12345678 is authenticated.
>>12345678itsafeature? is authenticated...
>>and so on.
>>
>>I'm using RH7.2, PAM 0.74, GLIBC 2.2.2, OpenSSL 0.9.6g
> 
> 
> 	I think the problem is in Red Hat. IIRC, it defaults to normal
> 	crypt, which only supports 8 chars; you have to switch it to
> 	use MD5 so it can use more than 8 chars.
> 
> 	Check /etc/shadow: if the passwords start with $1, it's MD5;
> 	if it's a 13-char field with letters and numbers, it's using the
> 	old crypt... Note that it's even possible that you have a mixed
> 	mode, some with normal crypt, others with MD5.
> 
> 	IIRC, you can change the password setting in /etc/login.defs

	Thanks a lot for your explanation :)

-- 

[]'s
Lucas Brasilino
brasilino@...
http://www.recife.pe.gov.br
Emprel -	Empresa Municipal de Informatica (pt_BR)
		Municipal Computing Enterprise (en_US)

gladko | 29 Aug 2004 14:40

test2


gladko | 29 Aug 2004 14:42

Re: test2

Hi! ALL

Solar Designer | 29 Aug 2004 14:48

Re: test2

On Sun, Aug 29, 2004 at 04:42:31PM +0400, gladko@... wrote:
> Hi! ALL

Your e-mails are getting to the mailing list.  Please cease posting
these tests and learn some netiquette.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

gladko | 29 Aug 2004 15:07

popa3d and mysql


ENGLISH

Hello all!

Help is badly needed.

There is a very good program, popa3d.
I want to use it with Postfix+MySQL,
plus virtual users and domains.

Please tell me where I can find information,
 documentation or examples
on how to correctly edit params.h in popa3d
so that popa3d works correctly with virtual domains
and virtual users in MySQL,
and also with their authorization through MySQL.

RUSSIAN

Hello everyone!

Help is badly needed.

There is a very good program, popa3d.
I want to use it with Postfix+MySQL,
plus virtual users and domains.

Please tell me where I can find information,
 documentation or examples

