Solaris: Password Complexity and Truncation Issues

BarbedWireSpoolWow. Look a Solaris post. So today I was forced to log into a couple
of Solaris boxes and ran into a very annoying issue that I thought I
would document for the other 5 people in the world who still use
Solaris.

Anway I was ssh'ing into the server and found that my password had expired, and I was forced to change it.

Password:
Warning: Your password has expired, please change it now.

So
this is fine, as I have a nice password that I like to use thats almost
20 characters long and includes enough character classes to make almost
any security auditor happy.

So I attempted to change my existing password  and got the following messages

New Password:
Re-enter new Password:
Warning: your longer password will be truncated to 8 characters.

Weak password: not enough different characters or classes.

What
my password is too long so Solaris truncates it and then complains that
its not complex enough? Well that's dumb.

I fought for a little while to try to come up
with a decent password, and even generated one on my Linux box to try,
but everytime it was too long and did not have enought character
classes. Finally I came up with the worlds hardest to type 8 character
password and was able to log in.

So how to you fix this truncating issue. Easy.

Edit the following file /etc/security/policy.conf and change the CRYPT_DEFAULT line from this…

#CRYPT_DEFAULT=__unix__

to this …

#CRYPT_DEFAULT=md5

Now you are not limited to 8 character passwords. Password complexity can stay the same and you are not sacrificing security for usability.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s