[Pkg-shadow-devel] Bug#87301: Clues about PASS_MAX_LEN in login.defs and "max=" setting in PAM

Christian Perrier Christian Perrier <bubulle@debian.org>, 87301@bugs.debian.org
Thu, 21 Apr 2005 18:54:31 +0200


Please read #87301....

I'm trying to investigate it, but indeed I'm having a hard time
understanding the real meaning of PASS_MAX_LEN in login.defs and the
meaning of the "max=" setting for pam_unix.so.

According to the comment we have in /etc/login.defs:

# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# If using MD5 in your PAM configuration, set this higher.
#
PASS_MAX_LEN            8


That would mean that choosing "12345678" or "123456789" should lead to
the same hash in /etc/shadow. But it does not.

Indeed, this setting just seems to do... nothing.

Same for what we have in /etc/pam.d/common-password (included for passwd):

password   required   pam_unix.so nullok obscure min=4 max=8 md5

But here, I'm never restricted to passwords below 8 chars....

So, I'm completely puzzled....:)

--
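
Added example, not part of the original message: a minimal Python implementation of the MD5-crypt ($1$) scheme selected by the "md5" option on the pam_unix.so line, showing that it hashes every character of the password, so "12345678" and "123456789" give different hashes unless the input is first cut to 8 characters. The max_len parameter and the sample salt are assumptions made for illustration; max_len only models the "significant characters" limit described in the login.defs comment.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    """Encode `count` 6-bit groups of `value`, least significant first."""
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5_crypt(password, salt, max_len=None):
    """MD5-crypt ($1$) hash; max_len (hypothetical) truncates the input first."""
    pw = password.encode()[:max_len]      # [:None] keeps the whole password
    st = salt.encode()[:8]                # the scheme uses at most 8 salt chars
    alt = hashlib.md5(pw + st + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + st)
    # Mix in the alternate digest, 16 bytes per 16 bytes of password.
    for left in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, left)])
    # One byte per bit of the password length: NUL or first password byte.
    i = len(pw)
    while i:
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    # 1000 stretching rounds, each of which feeds the full password back in.
    for i in range(1000):
        h = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            h.update(st)
        if i % 7:
            h.update(pw)
        h.update(final if i & 1 else pw)
        final = h.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    out += _to64(final[11], 2)
    return "$1$" + st.decode() + "$" + out

if __name__ == "__main__":
    salt = "abcdefgh"  # constructed sample salt
    for pw in ("12345678", "123456789"):
        # Columns: password, full-length hash, hash after cutting to 8 chars.
        print(pw, md5_crypt(pw, salt), md5_crypt(pw, salt, max_len=8))
```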