
Re: [cobalt-security] Password Problems



On Mon, 14 Jul 2003, Rick wrote:
> Hi,
> I have a Raq2. When I mistyped and only typed the first 8 chars of my
> root password, it entered into su - mode. Kindly Advise.

A common older UNIX (and some other OSes) failing where the first 8
characters are the only things significant in authenticating a user.

I believe (although can no longer test) that the Tru64 UNIX in a C2 config
has supported longer passwords (since 1997??), or by using MD5 (or other
hashing functions) in newer OpenSource OSes instead of the old DES salted
passwords fixes this. Also using an external authentication system i.e.
LDAP, RADIUS, TACACS+, SecurID would also get round this particular
limitation.

Really you need to upgrade your RaQ's OS to something a bit newer (if this
is possible) that supports MD5/SHA/... instead of the legacy UNIX password
salting.

Hope this helps

Gareth
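
An added example, not part of the original message: a small audit that reads shadow-format lines and reports which accounts still carry a traditional DES crypt(3) hash, the scheme in which only the first 8 characters of the password are significant. The sample entries and the function names are constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2-char salt + 11-char hash, no "$" prefix.
# Only the first 8 password characters feed the 56-bit DES key.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt ids ("$id$salt$hash") that hash the whole password.
MODULAR = {"1": "md5", "5": "sha256", "6": "sha512",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}


def classify(field):
    """Return the hash scheme used by one shadow password field."""
    if field == "":
        return "empty"
    body = field.lstrip("!")          # "!" prefix marks a locked account
    if body in ("", "*"):
        return "locked"
    if DES_RE.match(body):
        return "des"                  # still truncating if unlocked later
    if body.startswith("$"):
        parts = body.split("$")
        return MODULAR.get(parts[1], "unknown")
    return "unknown"


def truncating_accounts(shadow_text):
    """List users whose stored hash is legacy DES crypt."""
    users = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        if classify(fields[1]) == "des":
            users.append(fields[0])
    return users


# Constructed sample entries (placeholder hashes, not real ones).
SAMPLE = "\n".join([
    "root:" + "ab" + "X" * 11 + ":12247:0:99999:7:::",
    "admin:$1$saltsalt$" + "Y" * 22 + ":12247:0:99999:7:::",
    "daemon:*:12247:0:99999:7:::",
    "site1:!" + "cd" + "Z" * 11 + ":12247:0:99999:7:::",
])

if __name__ == "__main__":
    for user in truncating_accounts(SAMPLE):
        print(f"{user}: legacy DES crypt hash, password truncated to 8 chars")
```

Accounts it reports keep the truncated hash until their password is changed after the system has been switched to a newer scheme.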