[tac_plus] Issue: Incomplete passwords being accepted
Heasley
heas at shrubbery.net
Sat Feb 28 09:11:13 UTC 2015
On 28.02.2015 at 06:18, Alan McKinnon <alan.mckinnon at gmail.com> wrote:
>
> On Wed, 25 Feb 2015 16:11:54 -0800
> Justin Labo <justin.labo at dena.com> wrote:
>
>> Hello,
>>
>> I'm having an issue with tac_plus and was hoping you could shed some
>> light on it.
>>
>> tac_plus is accepting incomplete passwords as valid. For example, if
>> my password was 'password' and I enter 'passwor', I can log in. Have
>> you ever seen this before?
Besides what Alan mentions, no. I'll test it though and report if I find a problem.
>>
>> We are running tac_plus version F4.0.4.17.
That is not the most recent version, btw.
>> I was planning on
>> upgrading to the latest release and validating the existing tac_plus
>> configs, but wanted to check in with you guys beforehand.
>
>
> What password hash types are you using?
>
> You get this behaviour with classic Unix crypt hashes (3DES). crypt
> will accept up to 11 characters as an entered password but only use the
> first 9. Entering more than 11 is an error.
>
The first 8 and ignoring trailing bytes is more typical.
> Alan
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
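
An added example, not part of the original thread or of tac_plus: a small audit that answers the "what password hash types are you using?" question for a config file by classifying each stored hash by its shape and flagging classic DES crypt entries, where only the first 8 characters of the password are significant. It assumes the `login = des <hash>` form of a tac_plus user entry; the sample config and its hash strings are constructed.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format "$id$..."; the ids listed are the common ones.
MODULAR = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt"}
# Assumed config form: "<login|enable|pap> = des <hash>" inside a user block.
ENTRY = re.compile(r"^\s*(login|enable|pap)\s*=\s*des\s+(\S+)")
USER = re.compile(r"^\s*user\s*=\s*(\S+)")


def classify(hash_str):
    """Return (scheme, significant_chars); 8 only for classic DES crypt."""
    if DES_CRYPT.match(hash_str):
        return "des-crypt", 8
    m = re.match(r"^\$([0-9a-z]+)\$", hash_str)
    if m:
        return MODULAR.get(m.group(1), "unknown-modular"), None
    return "unknown", None


def audit(config_text):
    """Return (user, field, scheme, significant_chars) per hashed entry."""
    findings = []
    user = None
    for line in config_text.splitlines():
        if (u := USER.match(line)):
            user = u.group(1)
        elif (e := ENTRY.match(line)):
            scheme, limit = classify(e.group(2))
            findings.append((user, e.group(1), scheme, limit))
    return findings


# Constructed sample config; hashes are made-up strings of the right shape.
SAMPLE = """
user = alice {
    login = des ab0123456789.
}
user = bob {
    login = des $6$constructedsalt$constructedhashvalue
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries reported as `des-crypt` are the ones where a password such as 'password' cannot be told apart from a longer password sharing its first 8 characters.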