Wow. Look a Solaris post. So today I was forced to log into a couple
of Solaris boxes and ran into a very annoying issue that I thought I
would document for the other 5 people in the world who still use
Solaris.
Anway I was ssh'ing into the server and found that my password had expired, and I was forced to change it.
Password:
Warning: Your password has expired, please change it now.
So
this is fine, as I have a nice password that I like to use thats almost
20 characters long and includes enough character classes to make almost
any security auditor happy.
So I attempted to change my existing password and got the following messages
New Password:
Re-enter new Password:
Warning: your longer password will be truncated to 8 characters.Weak password: not enough different characters or classes.
What
my password is too long so Solaris truncates it and then complains that
its not complex enough? Well that's dumb.
I fought for a little while to try to come up
with a decent password, and even generated one on my Linux box to try,
but everytime it was too long and did not have enought character
classes. Finally I came up with the worlds hardest to type 8 character
password and was able to log in.
So how to you fix this truncating issue. Easy.
Edit the following file /etc/security/policy.conf and change the CRYPT_DEFAULT line from this…
#CRYPT_DEFAULT=__unix__
to this …
#CRYPT_DEFAULT=md5
Now you are not limited to 8 character passwords. Password complexity can stay the same and you are not sacrificing security for usability.