PDA

View Full Version : [ubuntu] login with wrong password



chrisdeeley
June 4th, 2008, 07:50 PM
I've just noticed that my Ubuntu file server let me login with the wrong password :(

My password is 9 characters long but if i miss of the last letter (ie only enter the first 8 ) it still logs me in.

Any idea's why?

Dr Small
June 4th, 2008, 09:05 PM
That doesn't make sense.

The Cog
June 4th, 2008, 09:06 PM
What protocol are you using to log in with?
VNC only checks the first 8 characters.

chrisdeeley
June 4th, 2008, 09:21 PM
I mainly use SSH and webmin for remote admin of the machine which both allow me to login without the last character. It also does this when I connect to my e-mails (using Dovecot IMAP) but samba will only accept the full password!!

cdenley
June 4th, 2008, 10:16 PM
Sounds like your /etc/shadow file has DES hashes. Hardy seems to use MD5 hashes by default. What is the output of


sudo getent shadow chrisdeeley|cut -d : -f 2|cut -c 1,2,3

If it doesn't start with a "$", that is a DES hash, and only the first 8 characters of your password are used. What version of ubuntu are you running. What version were your running when you set that password? Try resetting it.


sudo passwd chrisdeeley


Also, check this file


grep MD5_CRYPT_ENAB /etc/login.defs

chrisdeeley
June 4th, 2008, 11:00 PM
I was and still am running 7.10 gutsy. I just reset the password and now everything's back to normal. I don't understand why though because another user that I set up at the same time also has a long password yet when i tested it, I could only log in with the full password.

Everything appears to be back to normal. I'll try it again in the morning and see what happens.

Thanks for your help