There is no good reason passwords should be restricted to eight
characters. However, the prior implementation of "long passwords"
worked by storing only the first eight characters of the password and
truncating the rest. Thus, users didn't actually have a long
password; they had an eight-character password, because every piece of
software chopped off the extra characters.

In order to move to true long passwords, the following steps were
identified:

- Disable selection (and truncation) of long passwords in password
changing utilities.
- Disable truncation of long passwords in password verifying
clients.
- Enable selection of long passwords in password changing utilities.

The first step has been completed. Users were never able to set
passwords longer than eight characters, but now they are informed if
they attempt to do so. While there are no users with passwords longer
than eight characters, there may be some users who think they
have passwords longer than eight characters. In general, these
users can either type only the first eight characters or change their
password in order to authenticate successfully.

The second step is in progress. This table indicates the known
status of the various services requiring authentication. The desired
truncation status should be no for all services.

| Service | Truncates |
|---|---|
| WIND (AcIS Web Login Page) | Yes, to 20 characters |
| CourseWorks | No |
| Cubmail | No |
| IMAP/POP | No |
| Cunix, CPUnix (Solaris 7, 8, and 9) | No |
| FTP | No |
| Cluster PCs | No |
| Cluster Macs | No |
| NINJa | Yes |
| Modem Pool | No |
| Desktop Kerberos Clients (kclient, kermit, etc) | No |
| Rascal | Yes, to 15 characters |
| SSOL | Yes, to 20 characters |
| Administrative ID Password Distribution | Yes |

Any service that does not perform truncation (listed as No)
should behave the same in terms of honoring passwords as the
ticket command on cunix.
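
One way to establish a service's truncation status for the table above, shown as an added example that is not part of the original page. `SimulatedService` and `probe_truncation` are hypothetical names; the simulated class stands in for a real login client and a dedicated test account whose password the tester can set.

```python
import hashlib
import hmac
import string


class SimulatedService:
    """Constructed stand-in for a login client in front of a password store.

    truncate_to=None models a client that passes the typed password through
    unchanged; an integer models a client that keeps only that many characters.
    """

    def __init__(self, truncate_to=None):
        self.truncate_to = truncate_to
        self._stored = {}  # backend keeps a hash of the full password

    def set_password(self, user, password):
        self._stored[user] = hashlib.sha256(password.encode()).digest()

    def login(self, user, typed):
        if self.truncate_to is not None:
            typed = typed[:self.truncate_to]  # the behaviour being audited
        digest = hashlib.sha256(typed.encode()).digest()
        return hmac.compare_digest(self._stored[user], digest)


def probe_truncation(service, user="probe-test", max_len=32):
    """Return the length a service truncates typed passwords to, or None.

    For each length k, set a k-character password on the test account and
    log in with one extra character appended. Only a client that cuts its
    input to exactly k characters accepts that login.
    """
    alphabet = string.ascii_lowercase + string.digits
    for k in range(1, max_len + 1):
        password = "".join(alphabet[i % len(alphabet)] for i in range(k))
        service.set_password(user, password)
        if not service.login(user, password):
            raise RuntimeError(f"correct {k}-character password rejected")
        if service.login(user, password + "#"):
            return k
    return None


if __name__ == "__main__":
    # Constructed services; the limits 8, 15 and 20 are the ones named in the text.
    for limit in (8, 15, 20, None):
        print(limit, "->", probe_truncation(SimulatedService(limit)))
```

A result of `None` corresponds to a "No" row: the service rejects any input that differs from the stored password, including one with extra trailing characters.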