puzzled by passwords inconsistency
Posted: Tue Jan 05, 2016 3:51 pm
I am using Amahi since several years in a rather safe home network and I never bothered too much about passwords.
For the first time in years I have changed a password. I did it using the web interface and selected a 12 characters string.
I noticed that mounting shares in windows, I would need the old password and that is a known issue.
What really puzzled me was that as I was able to login using ssh using only the first 8 characters of my new password. Everything from the 9th character would be ignored. The same is true for su authentication.
I googled a lot and could not find any explanation in the context of Fedora so I imagined that the Amahi install would have changed something there. To my total surprise login to the web interface (http://hda/user_sessions/new) works only with the full 12 characters password; no truncation here.
I have created all people users through the web interface, but I did install some non amahi apps and had to tweak some parameters. I cannot imagine I have compromised the security of my server so severely.
I am using Amahi 7 for Fedora 19 (manual install with xfce). Could someone try to reproduce this issue? I would like to know if I have broken something or if this is a common problem.
Any suggestion welcome,
Thank you
For the first time in years I have changed a password. I did it using the web interface and selected a 12 characters string.
I noticed that mounting shares in windows, I would need the old password and that is a known issue.
What really puzzled me was that as I was able to login using ssh using only the first 8 characters of my new password. Everything from the 9th character would be ignored. The same is true for su authentication.
I googled a lot and could not find any explanation in the context of Fedora so I imagined that the Amahi install would have changed something there. To my total surprise login to the web interface (http://hda/user_sessions/new) works only with the full 12 characters password; no truncation here.
I have created all people users through the web interface, but I did install some non amahi apps and had to tweak some parameters. I cannot imagine I have compromised the security of my server so severely.
I am using Amahi 7 for Fedora 19 (manual install with xfce). Could someone try to reproduce this issue? I would like to know if I have broken something or if this is a common problem.
Any suggestion welcome,
Thank you