From nobody@FreeBSD.org  Wed May 26 16:31:14 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CDE7316A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 26 May 2004 16:31:14 -0700 (PDT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C7A8143D2F
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 26 May 2004 16:31:14 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.11/8.12.11) with ESMTP id i4QNUGuF065791
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 26 May 2004 16:30:16 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.11/8.12.11/Submit) id i4QNUGOA065790;
	Wed, 26 May 2004 16:30:16 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200405262330.i4QNUGOA065790@www.freebsd.org>
Date: Wed, 26 May 2004 16:30:16 -0700 (PDT)
From: GS <goiden@comcast.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: adduser concatenates the password
X-Send-Pr-Version: www-2.3

>Number:         67240
>Category:       i386
>Synopsis:       adduser concatenates the password
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-i386
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 26 16:40:29 PDT 2004
>Closed-Date:    Thu May 27 14:11:03 PDT 2004
>Last-Modified:  Thu May 27 14:11:03 PDT 2004
>Originator:     GS
>Release:        4.9
>Organization:
>Environment:
4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003     root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
      the password the user puts into adduser is concatenated
>How-To-Repeat:
      adduser - put the person's password, so say username goiden, password is goidenpassword.  you can log in as goiden password goidenpass or goidenpassw or goidenpasswo or goidenpassword.  It seems that only "goidenpass" is stored
>Fix:
      to fix the user has to passwd to change their password.  If they change it to goidenpassword, it takes correctly.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: simon 
State-Changed-When: Thu May 27 14:04:10 PDT 2004 
State-Changed-Why:  
The problem is that adduser in 4.X default to DES passwords, even when 
login.conf is set to MD5.  DES passwords can't be very long (10 
characters, like you mentioned is probably about right) so more 
characters will just be ignored. 
This problem is mentioned in PR bin/24953, so I'm closing this PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=67240 
>Unformatted:
