Yeps that's a shortcoming of crypt(). One way to go around it is to use a 8
char password, but a pretty random string (the "password") as the username
;)
Ray.
On Thu, Apr 8, 2010 at 12:07 AM, Boris Dolgov <boris@dolgov.name> wrote:
> On Wed, Apr 7, 2010 at 7:33 PM, AMP Admin <admin@ampprod.com> wrote:
> > On one of my boxes I noticed that if the password is only half the string
> it
> > will authenticate.
> > Should be:
> > Username: tester
> > Pass: ThisPassword1234#&^
> > But the following authenticates:
> > Username: tester
> > Pass: ThisPassword
> > Can anyone confirm this behavior?
>
> ThisPass will also authenticate - crypt() uses only first 8 symbols of
> the password.
>
> --
> Boris Dolgov.
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx