RE: Passwords in Solaris 8

From: Burkhard Sell (sell@spektra.de)
Date: 09/08/01 

Subject: RE: Passwords in Solaris 8
Date: Sat, 8 Sep 2001 15:27:03 +0200
Message-ID: <91531C2EF097D94ABD7C10E7E914D3C0015FFE@victoria.spektra.de>
From: "Burkhard Sell" <sell@spektra.de>
To: "Dunn, Daniel, CTR, OSD-ATL" <Dan.Dunn@osd.mil>, "FOCUS-SUN (E-mail)" <FOCUS-SUN@SECURITYFOCUS.COM>

I found the same problem (i used an other character than + but also a
special one, i believe '&' or '@') 2 years ago on hpux systems.
These system was useing NIS together with solaris and irix machines.
The system let me change the password but another login was impossible.

The only way was likewise resetting the password using root account.

Burkhard Sell

____________________________________________
Burkhard Sell
Spektra Informationssysteme GmbH
Lenestrasse 3a
39112 Magdeburg

phone: +49 (0)391/6115121
mail: sell@spektra.de
web: www.spektra.de
 

-----Original Message-----
From: Dunn, Daniel, CTR, OSD-ATL [mailto:Dan.Dunn@osd.mil]
Sent: Friday, September 07, 2001 9:31 PM
To: FOCUS-SUN (E-mail)
Cc: Sera, Art, CTR, OSD-ATL
Subject: Passwords in Solaris 8

We are undergoing a network-wide password change for all our users, and
I came across an interesting problem in Solaris 8 and was wondering if
anyone else had encountered it. I discovered that Solaris 8 does not
seem to like special characters in passwords, particularly the + (plus
sign). I have used this character is passwords before in and prior to
Solaris 7 (I currently have a couple of Solaris 7 passwords that contain
+). When I tried to use this character in a new Solaris 8 password, I
got the usual confirmation message that the password was successfully
changed, but then was unable to log in using the new password. Before
anyone asks, no, it was not the first character of the password.
Fortunately, it wasn't for root, and our UNIX guru was able to log in as
root and change it. Has anyone else encountered this? If so, why has
Sun taken out the flexibility of using special characters in passwords?
Or is this a bug they need to fix? Any feed back would be appreciated.

TIA,

Dan

------------------------------------------------------------------------ 

----
-
Daniel R. (Dan) Dunn, EE, CCSA/CCSE 
Principal INFOSEC Engineer, GRC Int'l (an AT&T company) 
OSD-ITD Firewall Administrator 
p: 703-614-8086, ext 500 
f: 703-693-3112

The opinions expressed by the author are entirely his own, and do not
reflect those of AT&T, GRCI, Inc., or their subsidiaries, nor do they
reflect policy, opinion, or endorsement by the US Department of Defense
or any of its agencies.

Relevant Pages

  • Re: CR and LF
    ... > "The character b has no effect, but is allowed for ISO C ... pages describe what *Solaris* does. ... And indeed that is the same for all unix systems. ... is strictly for compatibility with ANSI X3.159-1989 ...
    (comp.unix.questions)
  • Re: Setting password policy on Solaris 8/9
    ... > Password Policy" on Solaris systems. ... > lower case character. ... except that PASSLENGTH isn't enforced for root anyway, ...
    (comp.unix.solaris)
  • Re: How to concatenate lines continued with ?
    ... >>a last character. ... with Linux "gawk" nor with Solaris "nawk"). ... I changed the "sed" script as follows to run with Solaris: ... The two slowest scripts on Linux are the two fastest ones ...
    (comp.unix.shell)
  • Re: why my "backspace" change from machine to machine
    ... > delete the character on any shell terminal. ... Because the default "erase" character for Linux pseudo terminal ... while for Solaris, it's ^H. ...
    (comp.unix.shell)
  • Passwords in Solaris 8
    ... Subject: Passwords in Solaris 8 ... special characters in passwords, ... tried to use this character in a new Solaris 8 password, ... and our UNIX guru was able to log in as root and change it. ...
    (Focus-SUN)