Article 3871 at 06/01/17 03:14:44 From: taco (at mark) scargo.nl Subject: [coba-e:03871] Re: Password Lenght MAX

Index: [Article Count Order] [Thread]
Date:  Mon, 16 Jan 2006 19:18:27 +0100
From:  "Taco Scargo" <taco (at mark) scargo.nl>
Subject:  [coba-e:03871] Re: Password Lenght MAX
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <006101c61ac9$3f3e3d30$71001fac@DELLP4TACO>
References:  <21D06B09-E394-4D7D-A1DD-D97AB3CC5852 (at mark) bellsouth.net> <43CBC607.6030402 (at mark) alpha.or.jp> <200601161059.59694.lesmith (at mark) ecsis.net>
X-Mail-Count: 03871

Hisao,

I completely agree with Larry, when it is going to be changed, change it 
according to a sensible setting.
BTW: the reason for the 16 character limit was simply because the earlier 
cobalts authentication did not use/accept more than 16.
And some Cobalt-engineers wanted to keep it 'backwards-compatible'.

Taco
----- Original Message ----- 
From: "Larry Smith" <lesmith (at mark) ecsis.net>
To: <coba-e (at mark) bluequartz.org>
Sent: Monday, January 16, 2006 5:59 PM
Subject: [coba-e:03869] Re: Password Lenght MAX


> Hisao,
>
>  Will followup as top-post since that is what started....
>
> Personally there is no way to have an even moderately secure password in 
> three
> characters.  All my other boxes have been set to 6,25 - for a minimum of 
> six
> characters to 25 max.  While I won't speak for others, definitely believe
> that if we (the collective we) allow people to use short (three, four
> character passwords) then we are asking to have our boxes "hacked"...
>
> Bottom line, would prefer 6,25 as the default - individuals can "change" 
> to a
> less secure if they want, but at least have moderate security on the 
> package
> out of the box so to speak...
>
> -- 
> Larry Smith
> SysAd ECSIS.NET
> sysad (at mark) ecsis.net
>
>
>
> On Monday 16 January 2006 10:12, Hisao SHIBUYA wrote:
>> Hi Billy,
>>
>> The password length is defined in /usr/sausalito/schemas/basetypes.schema
>> file. You can find near line 69 like the following.
>> <typedef
>>          name="password"
>>          type="re"
>>          data="^[^\001-\037\177]{3,16}$"
>> />
>>
>> You can enter 18 charactors for password after changing the below line.
>>          data="^[^\001-\037\177]{3,18}$"
>> And, please restart cced with '/etc/init.d/cced.init restart' command.
>>
>> I can easy change this limit, does anyone have any comment?
>>
>> Regards,
>> Hisao
>>
>> Billy Lenox wrote:
>> > I have a new password that has 18 chars in it, both upper lower and
>> > special chars. Why is there a limit in the Blueqartz Software. It 
>> > works
>> > great under the CentOS underlay. Does anyone know when this  might be
>> > fixed.
>> >
>> > Billy
>> >
>> > Error Message from BlueQuartz:
>> > Sorry, the password you entered was invalid. The password should be
>> > between 3 and 16 characters long. A good password should contain at
>> > least 5 characters with a mix of uppercase and lowercase letters as
>> > well as numbers and punctuation. It should not spell out any words
>> > found in the dictionary. Passwords are case sensitive.
>
>
>