Subject: Re: Password lenght
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: port-alpha
Date: 03/28/2002 03:35:50
>> What makes you think long passwords aren't supported?
> This easy test makes me think so :()
> I set a password lets say qwerty123456 then i try to login
> Login: root
> Password:  ( i here type qwerty12 and enter)
> VIOLA im logged in....


I looked at this in more detail.  Based on my 1.4T source tree:

Longer passwords are supported, but for passwd(1) to set them you have
to build it with NEWSALT defined.  Add -DNEWSALT to CPPFLAGS in
usr.bin/passwd/Makefile and rebuild and reinstall passwd.

Why NEWSALT isn't defined by default I can only guess.  I would guess
it is for the sake of compatability with other OSes that still use the
antique password hashing algorithm - which really doesn't make any
sense unless YP is in use.

Alternatively, you could write a tiny program to call crypt(3) with a
suitable salt string to get a new password hash, and install that in
master.passwd by hand.  Ugly, but perhaps workable if you don't need to
change your passwords that often.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B