Samba 2.0.3 logins fail with unix password > 8 chars (PR#14551)
Jeremy Allison
jallison at cthulhu.engr.sgi.com
Tue Mar 9 19:24:22 GMT 1999
> A user on our HPUX box creates a new 11 character password. HPUX silently
> drops the last three chars and accepts the new password. The user, being
> unaware of the 8 char limit assumes their password is actually 11 chars
> long. Now, when they try to connect to a share on the HP from their NT4
> box, they type the "full" 11 chars of their password only to be greeted with
> a Bad Password message. If on the other hand, they type ONLY THE FIRST 8
> characters of the password, it succeeds! This is rather strange since the
> system itself ignores the extra characters.
>
> What changed in v2.0.3 to cause this behaviour? Is there a config option
> to change it? I've looked through the documentation but can't find anything
> that might help.

Actually, Steve Fosdick (fosdicsj at aom.bt.co.uk) has tracked
down this exact issue (I'm *very* grateful Steve, thanks).

The problem is that, as you say, the standard HPUX auth
mechanism is a crypt that truncates at 8 characters.

Unfortunately autoconf detects that HPUX has "bigcrypt"
(the <8 character crypt) available to it, and so uses
bigcrypt by default. The output from bigcrypt is obviously
going to be different from crypt with greater than 8 char
passwords.

Steve got around this in his compile by running configure
and then manually #undef'ing the HAVE_BIGCRYPT lines in
config.h.

What we need is an autoconf test to determine if an HPUX
system is actually set up to use bigcrypt in the /etc/passwd
or /etc/shadow files and turn off bigcrypt accordingly.

Anyone here from HP who has an idea how to code this test?

Cheers,

Jeremy Allison,
Samba Team.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
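
The mismatch described in this message, as an added example that is not part of the original post and is not Samba's code or the fix the project adopted. Assumptions: `toy_segment` is a non-cryptographic stand-in for one DES crypt segment, every name is hypothetical, and the hash layout (2-char salt plus 11 chars per 8-char chunk, so 13 chars for plain crypt) is taken as the bigcrypt-style format.

```c
#include <string.h>

#define SEG 8        /* password bytes consumed per segment */
#define ESEG 11      /* encoded chars produced per segment */
#define MAXSEG 16    /* segment cap for the bigcrypt-style variant */
#define HASHMAX (2 + ESEG * MAXSEG + 1)

static const char A64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Toy stand-in for one DES crypt segment (NOT cryptographic): mixes a
 * 2-char salt with at most SEG key bytes and emits ESEG chars. */
static void toy_segment(const char *key, size_t klen, const char *salt, char *out)
{
    unsigned long long h = 1469598103934665603ULL;
    size_t i;
    for (i = 0; i < 2; i++) h = (h ^ (unsigned char)salt[i]) * 1099511628211ULL;
    for (i = 0; i < klen && i < SEG; i++) h = (h ^ (unsigned char)key[i]) * 1099511628211ULL;
    for (i = 0; i < ESEG; i++) { out[i] = A64[h & 63]; h = (h >> 5) | (h << 59); }
}

/* maxseg 1 models crypt(): input past 8 chars is ignored. maxseg MAXSEG models
 * bigcrypt: each 8-char chunk is a segment salted from the previous output. */
static void toy_hash(const char *pw, const char *salt, size_t maxseg, char *out)
{
    size_t len = strlen(pw), n = len ? (len + SEG - 1) / SEG : 1, s;
    char *p = out + 2;
    if (n > maxseg) n = maxseg;
    memcpy(out, salt, 2);
    for (s = 0; s < n; s++, p += ESEG)
        toy_segment(pw + s * SEG, len - s * SEG, s ? p - ESEG : salt, p);
    *p = '\0';
}

/* force_big 1 models the build described above (always bigcrypt); force_big 0
 * picks the algorithm from the stored hash: 13 chars is crypt, longer is big. */
static int check(const char *pw, const char *stored, int force_big)
{
    char h[HASHMAX];
    size_t slen = strlen(stored);
    if (slen < 2 + ESEG) return 0;
    toy_hash(pw, stored, (force_big || slen > 2 + ESEG) ? MAXSEG : 1, h);
    return strcmp(h, stored) == 0;
}

int main(void)
{
    char stored[HASHMAX];
    toy_hash("elevenchars", "ab", 1, stored);   /* constructed sample entry */
    return !check("elevenchars", stored, 0);
}
```

With a crypt-format entry, `check(pw, stored, 1)` rejects the full 11-character password and accepts its first 8 characters, which is the behaviour reported; selecting by stored-hash length accepts the full password for both entry formats.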