Summary: Enhanced Security

From: Tripathi, Ashish <ATripathi_at_us.infogrames.com>
Date: Thu, 18 Apr 2002 11:44:07 -0400

> Special Thanks goes to Denise Dumas.I changed the algorithm from Crypt to
> bigcrypt and that solved the issue.
>
> Below is the reply from Denise
>
>
> Hi,
> What algorithm are you using?
> Some encryption algorithms work on a maximum number of characters - no
> bug, just
> a feature of the algorithm. We provide four different algorithms,
> specified in
> dxaccounts / security / password options / encryption type.
> bigcrypt (0) - best, allows any length password, DES-based, enhanced
> security
> default
> crypt16 (1) - allows password length to 16 char maximum
> crypt (2) - traditional UNIX password algorithm, allows passwords to 8
> chars
> maximum (I think you would have gotten this or C1crypt if you had chosen
> 'shadow
> passwords only' option when you converted from base to enhanced).
> C1crypt (3) - same as crypt but also stores the password in both
> /etc/passwd and
> auth.db
> The algorithm type and the minchosen and maxchosen fields determine both
> the
> minimum and maximum password length. If minchosen = 0, it means compute
> the
> minimum
> password length based on "Green Book" rules (U.S. TCSEC security
> regulations).
> When maxchosen=80, the default, the Green Book rules compute minchosen to
> 9. If
> 9 exceeds the length possible with the algorithm, the maximum length
> possible
> for the algorithm (8) is used. If you want an 8-character max, just change
> minchosen to 1 instead of 0.
>
> Denise
> Tru64 Security
>
>
>
> -----Original Message-----
> From: Tripathi, Ashish [SMTP:ATripathi_at_us.infogrames.com]
> Sent: Wednesday, April 17, 2002 9:38 AM
> To: 'tru64-unix-managers_at_ornl.gov'
> Subject: Summary: Enhanced Security
>
> Thanks to Michael James Bradford,Rochelle Lauer and all others for
> their
> replies.After digging a little deeper I found that the system
> doesn't allow
> passwords more than 8 characters even after setting u_maxlen and
> u_maxchosen
> to 20.Is their any other variable needs to be changed?
>
> Below is my Original message.
> Hi Admins,
> I am running an DS20 with Tru64 5.1 and I converted the
> system to
> enhanced security.Users use Exceed to login to the system but now it
> doesn't
> allow the users to login using exceed and always shows "Login
> Incorrect"
> message.Users can login with the same password and login ID by
> logging in to
> some other server and doing telnet.
> Can someone show any light on this?Is there any file I need to
> modify?
> Moreover it doesn't except any password less than 8 characters and
> more than
> 8.It asks for exactly 8 character passwords.Why??
> Thanks and I'll summarize.
> Ashish Tripathi
> Unix Administrator
> Infogrames Inc.
>
>
>
>
Received on Thu Apr 18 2002 - 15:48:22 NZST