0

I have a 13 character long password and my system is allowing me to authenticate with only 8, why?

I have no clue at all, so please give me some guide on what to add to my question, for instance which PAM configuration file would be necessary to find out the issue.

I am not using any standard distro so the problem has to be system configuration, I just copied all the files from /etc/pam.d from a Fedora 21 installation into my /etc/pam.d.

3
  • Probably because the system you are logging in to uses an 8 character maximum password and so is throwing away the other 5 characters.
    – DavidPostill
    Commented Jul 13, 2015 at 11:48
  • @DavidPostill I see, is that configurable?
    – iharob
    Commented Jul 13, 2015 at 11:58
  • Yes, see my answer.
    – DavidPostill
    Commented Jul 13, 2015 at 12:25

1 Answer

2

My system is allowing me to authenticate with only 8, why?

max=N (max=40)

The maximum allowed password length. This can be used to prevent users from setting passwords that may be too long for some system services. The value 8 is treated specially: if max is set to 8, passwords longer than 8 characters will not be rejected, but will be truncated to 8 characters for the strength checks and the user will be warned. This is to be used with the traditional DES-based password hashes, which truncate the password at 8 characters.

It is important that you do set max=8 if you are using the traditional hashes, or some weak passwords will pass the checks.

Source pam_passwdqc(8) - Linux man page


I see, is that configurable?

The following information is for SUSE. Other distros will have similar configuration files. You will have to figure this out yourself as you are "not using a standard distro".

The pam_pwcheck configuration file is located at /etc/security/pam_pwcheck.conf.

In this article we are going to force the user not to have a simple password such as a dictionary word.

password: use_cracklib minlen=5 maxlen=10 tries=3 remember=20
  • use_cracklib This directive tells PAM to use the cracklib module.
  • minlen=10 This directive specifies the minimum number of alphanumeric characters allowed.
  • maxlen=10 This directive specifies the maximum number of alphanumeric characters allowed.
  • tries This directive specifies how many attempts the user is allowed before denying them to change their password.
  • remember This directive specifies how many passwords to remember so that the user cannot use those passwords.

Source Setting password policies



3
  • I was just about to delete the question because I reinstalled shadow and PAM and it works now, but this is a great answer and I am going to learn from it.
    – iharob
    Commented Jul 13, 2015 at 12:27
  • Oh, these options can be directly specified if I do this password required pam_cracklib.so ( ... options ... ) in a /etc/pam.d/<program name>, right?
    – iharob
    Commented Jul 13, 2015 at 12:32
  • I guess so. I'm no expert on PAM. The Linux-PAM System Administrators' Guide should have all the answers ... ;)
    – DavidPostill
    Commented Jul 13, 2015 at 12:35
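
The man page excerpt in the answer ties the 8-character limit to traditional DES-based password hashes. As an added example (not part of the original answer or its comments), this script classifies the hash field of each shadow entry and flags accounts whose hash is in the traditional DES format. It assumes the shadow(5) colon-separated layout; the sample entries and hash strings are constructed placeholders.

```python
import re

# Modular crypt prefixes; none of these has the 8-character limit.
MODULAR = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
# Traditional DES crypt: 2 salt characters + 11 hash characters.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(hash_field):
    """Return (scheme, truncates_at_8) for one shadow hash field."""
    # Leading '!' characters mark a locked account; a hash may still follow.
    field = hash_field.lstrip("!")
    if field in ("", "*"):
        return ("no-password-hash", False)
    if field.startswith("$"):
        ident = field.split("$")[1]
        return (MODULAR.get(ident, "unknown-modular"), False)
    if DES_RE.match(field):
        return ("traditional-des", True)
    return ("unknown", False)


def audit(shadow_text):
    """Map each user name to its (scheme, truncates_at_8) classification."""
    result = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        result[fields[0]] = classify(fields[1])
    return result


# Constructed sample in shadow(5) layout; the hash strings are made-up placeholders.
SAMPLE = """\
alice:abCdEfGhIjKlM:16629:0:99999:7:::
bob:$6$saltsalt$PLACEHOLDERHASH:16629:0:99999:7:::
carol:!abCdEfGhIjKlM:16629:0:99999:7:::
daemon:*:16629:0:99999:7:::
"""

if __name__ == "__main__":
    for user, (scheme, truncated) in audit(SAMPLE).items():
        note = "only the first 8 characters are significant" if truncated else ""
        print(f"{user:8} {scheme:18} {note}")
```

To check a real system, pass the contents of /etc/shadow (readable by root) to `audit()` instead of `SAMPLE`.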
