From nobody@FreeBSD.ORG Fri Dec  3 11:57:16 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id E6A9E14F55; Fri,  3 Dec 1999 11:57:15 -0800 (PST)
Message-Id: <19991203195715.E6A9E14F55@hub.freebsd.org>
Date: Fri,  3 Dec 1999 11:57:15 -0800 (PST)
From: steve@globaltap.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: eight char password secutity problem
X-Send-Pr-Version: www-1.0

>Number:         15247
>Category:       misc
>Synopsis:       eight char password secutity problem
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec  3 12:00:01 PST 1999
>Closed-Date:    Mon Dec 6 07:41:23 PST 1999
>Last-Modified:  Mon Dec  6 08:00:42 PST 1999
>Originator:     Steve McGrane
>Release:        3.1
>Organization:
The Globaltap Corporation
>Environment:
FreeBSD teknosurf2.com 3.1-RELEASE FreeBSD 3.1-RELEASE #1: Wed Sep 15 18:22:16 PDT 1999     steve@globaltap.com:/usr/src/sys/compile/modkern i386
>Description:
Passwords greater than eight chars are not significant
>How-To-Repeat:
Create a user account, with a password that is eight chars or longer, log in with the proper first eight chars, then enter any keys after that and access is granted
>Fix:


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Mon Dec 6 07:41:23 PST 1999 
State-Changed-Why:  
What you are seeing is not a bug, nor a problem, given a good 
understanding of the available crypt methods in FreeBSD.  Please 
see http://www.freebsd.org/handbook/security.html#CRYPT and 
consider using md5. :-) 
>Unformatted:
