# # (SCO Unix) How can I increase the number of characters that are significant in a password?
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© December 2003 (various)

Unix, Xenix and ODT General FAQ

This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

How can I increase the number of characters that are significant in passwords (Old Sco Unix)?

This is an ancient post with no relevance to modern systems.

(This applies to 3.2v4.x and up)

Two factors control passwords: the maximum length that a generated password can be, and how much of a password is significant.

Both parameters are in /etc/auth/system/default.


 default:\
        :d_name=default:\
        :u_pwd=*:\
        :u_priority#0:u_cmdpriv=audittrail,su,queryspace,printqueue,mem,terminal:\
        :u_syspriv=execsuid,nopromain,chmodsugid,chown:\
        :u_minchg#0:u_maxlen#80:u_exp#0:u_life#0:\
        :u_pickpw:u_genpwd:[email protected]:u_nullpw:\
        :u_suclog#0:u_unsuclog#0:u_maxtries#99:u_lock:\
        :u_singleuserpswd:u_secclass=c2:[email protected]:[email protected]:\
        :u_pwseg#2:\
        :t_logdelay#1:t_maxtries#99:t_login_timeout#60:\
        :chkent:
 

In the above example, u_maxlen#80 means that generated passwords can be up to 80 characters long. That affects the password generator program only. The u_pwseg#2 limits the significance to 2 segments or 16 bytes (2 * 8). If you wanted 24 characters to be significant, you'd change it to u_pwseg#3.

Note that the u_maxlen doesn't stop you from telling the password program that you have a longer password-you can enter whatever you like. Also, if you aren't using the generator, all you need to change is u_pwseg to have more significant characters.

Thanks to Roger Cornelius for pointing out inaccuracies in the original article. I had thought that u_maxlen had to be equal or greater than u_pwseg * 8; they are completely unrelated.

You are supposed to be able to use useradd or usermod to change the significant segments for a specific user. According to the man page for useradd, this should work:

usermod -x "{ passwdSignificantSegments 2 }"  username
 

But I've found it just complains that there is no attribute "passwdSignificantSegments".

Recently Gerald Monds explained why I had that problem:

From the man pages... changing "passwdSignificantSegments"
is a system default change and not user specific. The
man pages say it cannot be used without "-D" So the
correct syntax should be

usermod -D -x "{passwdSignificantSegments 2}"

You wouldn't think that increasing password security would necessarily cause a confusing login problem, but it did.

What happened was this: users were, in fact, using longer passwords, but the system was set to only pay attention to the first eight characters. When this was changee, users who were using the longer passwords now suddenly could not log in.

From: [email protected] (John DuBois)
Newsgroups: comp.unix.sco.misc
Subject: Re: password bug!
Date: Tue, 13 Apr 1999 01:05:36 GMT
References: <[email protected]> 

In article <[email protected]>,
clive keough <[email protected]> wrote:
>Although I've never seen it posted. Is it well known that only the
>first 8 characters of the password count on SCO openserver. It doesn't
>just occur on one machine or one version here either. I wasn't aware
>that this was a problem/bug and I've not seen it written elsewhere.

Only the first 8 characters count *by default*.  It's easy to change.  The part
of a password that is significant is set in "segments" of 8 characters.  To
e.g. increase the significant length to 32 characters, do (on a 5.0 system):

usermod -D -x '{passwdSignificantSegments 4}'

MAJOR caveat:
Only the significant part of a password is stored, AND
only the significant part is compared.  So, if you have
the significant segments set to 1, you may have users
using >8-character passwords; the password routines
just ignore the extra characters.  But when you increase
the significant segments beyond 1, suddenly all those
users will not be able to log in... because now more than
8 characters of the password they enter are being compared
against the 8 characters stored in the password database.
I learned this the hard way when I bumped segments up
from 1 to 4 shortly after moving from XENIX to UNIX.
The solution was to put a notice in /etc/issue.  These days
you'd do better to put it in BANNER in /etc/default/issue.

        John
-- 
John DuBois    [email protected]    KC6QKZ   http://www.armory.com./~spcecdt/



If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> (SCO Unix) How can I increase the number of characters that are significant in a password?


Inexpensive and informative Apple related e-books:

iOS 10: A Take Control Crash Course

Take Control of OS X Server

Take Control of Upgrading to El Capitan

Digital Sharing Crash Course

Take Control of IOS 11






Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





A C program is like a fast dance on a newly waxed dance floor by people carrying razors. (Waldi Ravens)




Linux posts

Troubleshooting posts


This post tagged:

FAQ

SCO_OSR5



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode