From: Ryan Hard on
Our servers only use the standard /etc/passwd, no LDAP or anything and
I recently used passwd to change the user and root passwords on two
boxes (one is a mostly identical failover). I happened to notice that,
in addition to the new one, all the old passwords still work even from
before I got here so I have to assume this has always been going on.
Any ideas why this would happen?
From: Ryan Hard on
Never mind, I figured it out. Was using old-school crypt which only
recognizes the first 8 characters in a pass while the rest is
truncated.
From: hume.spamfilter on
Ryan Hard <ryan.m.hard(a)gmail.com> wrote:
> Never mind, I figured it out. Was using old-school crypt which only
> recognizes the first 8 characters in a pass while the rest is

That implies that the first eight characters of all your passwords were the
same. I hope that doesn't mean that your passwords are of the form
"password01", "password02", and so on.

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
From: Ryan Hard on
On Jan 30, 5:51 pm, hume.spamfil...(a)bofh.ca wrote:
> Ryan Hard <ryan.m.h...(a)gmail.com> wrote:
> > Never mind, I figured it out. Was using old-school crypt which only
> > recognizes the first 8 characters in a pass while the rest is
>
> That implies that the first eight characters of all your passwords were the
> same.  I hope that doesn't mean that your passwords are of the form
> "password01", "password02", and so on.
>
> --
> Brandon Hume    - hume -> BOFH.Ca,http://WWW.BOFH.Ca/

Well yes but they're only accessible locally (like, the same room
locally) in a controlled building in a controlled area and the
passwords are really just for show. If someone has physical access who
shouldn't, we've got way more to worry about.
From: hume.spamfilter on
Ryan Hard <ryan.m.hard(a)gmail.com> wrote:
> Well yes but they're only accessible locally (like, the same room
> locally) in a controlled building in a controlled area and the
> passwords are really just for show. If someone has physical access who

Okay, your original post made it sound like the passwords being worthless
was actually a concern.

Glad to hear these aren't on the network, however. I hope that bad practice
doesn't extend to anything that actually is. (In my experience, it usually
does...)

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
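
Added example, not part of the thread: a small audit for the condition discussed above, flagging accounts whose stored hash is in the traditional 13-character crypt format and grouping candidate passwords that such a hash cannot tell apart because only the first 8 characters are used. The sample entries, hash values and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Traditional DES crypt(3) output: 2 salt + 11 hash characters from [./0-9A-Za-z].
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
DES_MAX = 8  # characters of the password that traditional crypt actually uses

# Constructed sample in passwd/shadow layout (name:hash:...); hash values are fake.
SAMPLE = """\
root:abCDEFGHIJKLM:14000:0:99999:7:::
ryan:$6$constructedsalt$constructedhashvalue:14000:0:99999:7:::
daemon:*:14000::::::
backup:!!:14000::::::
oper:xy0123456789.:14000:0:99999:7:::
"""

def classify(field):
    """Label the scheme of the password field (second field) of one entry."""
    if not field:
        return "empty"
    if field[0] in "*!" or field == "x":
        return "locked-or-shadowed"
    if field.startswith("$"):
        return "modular:" + field.split("$")[1]
    if DES_RE.match(field):
        return "traditional-des"
    return "unknown"

def audit(text):
    """Return the account names whose hash is traditional DES crypt."""
    flagged = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and classify(parts[1]) == "traditional-des":
            flagged.append(parts[0])
    return flagged

def colliding_groups(passwords):
    """Group passwords that traditional crypt cannot tell apart."""
    groups = defaultdict(list)
    for pw in passwords:
        groups[pw[:DES_MAX]].append(pw)
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    print("traditional DES hashes:", audit(SAMPLE))
    print(colliding_groups(["password01", "password02", "hunter2"]))
```

Accounts the audit flags need their passwords set again after the system's default hashing scheme is changed, since an existing hash keeps its old format until the password is next changed.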