Jeremy Allison
1999-Mar-09 19:24 UTC
Samba 2.0.3 logins fail with unix password > 8 chars (PR#14551)
> A user on our HPUX box creates a new 11 character password. HPUX silently
> drops the last three chars and accepts the new password. The user, being
> unaware of the 8 char limit assumes their password is actually 11 chars
> long. Now, when they try to connect to a share on the HP from their NT4
> box, they type the "full" 11 chars of their password only to be greeted with
> a Bad Password message. If on the other hand, they type ONLY THE FIRST 8
> characters of the password, it succeeds! This is rather strange since the
> system itself ignores the extra characters.
>
> What changed in v2.0.3 to cause this behaviour? Is there a config option
> to change it? I've looked through the documentation but can't find anything
> that might help.

Actually, Steve Fosdick (fosdicsj@aom.bt.co.uk) has tracked down this exact issue (I'm *very* grateful Steve, thanks).

The problem is that, as you say, the standard HPUX auth mechanism is a crypt that truncates at 8 characters. Unfortunately autoconf detects that HPUX has "bigcrypt" (the <8 character crypt) available to it, and so uses bigcrypt by default. The output from bigcrypt is obviously going to be different from crypt with greater than 8 char passwords.

Steve got around this in his compile by running configure and then manually #undef'ing the HAVE_BIGCRYPT lines in config.h.

What we need is an autoconf test to determine if an HPUX system is actually set up to use bigcrypt in the /etc/passwd or /etc/shadow files and turn off bigcrypt accordingly.

Anyone here from HP who has an idea how to code this test?

Cheers,

Jeremy Allison,
Samba Team.

--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
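One way to approach the check asked for above, as an added example that is not part of the original post or of Samba's code: classify stored hashes by shape. It assumes bigcrypt output is a 2-character salt plus 11 characters per 8-character password segment, so a 13-character field is ambiguous and only longer fields show bigcrypt in use; the function names and sample entries are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet of DES-based crypt() output. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
enum hash_kind { HASH_OTHER, HASH_CRYPT13, HASH_BIGCRYPT };

/* Classify one password field by shape only. Assumption: bigcrypt emits
 * salt(2) + 11 chars per 8-char segment, so 13 is ambiguous and 24, 35, ...
 * can only be bigcrypt. Text after ',' (assumed aging data) is ignored. */
enum hash_kind classify_hash(const char *h)
{
    size_t len = strcspn(h, ",");
    if (len < 13 || (len - 2) % 11 != 0 || strspn(h, B64) != len)
        return HASH_OTHER;   /* locked ("*"), empty, or another scheme */
    return len == 13 ? HASH_CRYPT13 : HASH_BIGCRYPT;
}

/* Count bigcrypt-shaped entries in passwd-format text (name:hash:...). */
int count_bigcrypt(const char *text)
{
    int n = 0;
    char line[512], *hash, *end;
    while (*text) {
        size_t l = strcspn(text, "\n");
        size_t c = l < sizeof line - 1 ? l : sizeof line - 1;
        memcpy(line, text, c); line[c] = '\0';
        text += l + (text[l] == '\n');
        hash = strchr(line, ':');
        if (!hash) continue;            /* not a passwd-style line */
        end = strchr(++hash, ':');
        if (end) *end = '\0';           /* isolate the hash field */
        if (classify_hash(hash) == HASH_BIGCRYPT) n++;
    }
    return n;
}

/* Constructed sample entries; the hashes are made-up strings of the right shape. */
static const char SAMPLE[] =
    "alice:abJnggxhB/yWI:101:20::/home/alice:/bin/sh\n"
    "bob:cdQ3kL9xZp.4Uk3v8Ty2WqA1:102:20::/home/bob:/bin/sh\n"
    "daemon:*:1:5::/:/bin/false\n";

int main(void)
{
    printf("bigcrypt-shaped entries: %d\n", count_bigcrypt(SAMPLE));
    return 0;
}
```

A count of zero does not prove bigcrypt is unused, since any password of 8 characters or fewer produces a 13-character field under this assumption.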