مشکل پسورد روت در ESX 4.1
سلام
این اولین نوشته منه. قبلا فقط خواننده بودم ولی تصمیم گرفتم شروع کنم به نوشتن.
یه خبر دیدم که جالبه.
در سیستم پسورد روت ESX 4.1 مشکلی وجود داره که فقط 8 کاراکتر اول رو محاسبه می کنه و بقیش رو به حساب نمیاره. یعنی اگه پسورد 9 کاراکتری باشه، فقط 8 کاراکتر اولش.
این هم توضیحات بیشتر و راه حل به نقل از سایت vmware
البته دقت کنین این راه حل موقتیه و قراره بعدا یه راه حل دائمی هم بده. اگر این راه حل موقت رو استفاده کردین، بعدا که خواستین از راه حل دائمی استفاده کنین باید تغییرات راه حل موقت رو برگردونین به حالت اصلی.
[LEFT]
[LTR]
[url=http://kb.vmware.com/kb/1024500]VMware KB: ESX 4.1 and ESXi 4.1 root passwords are authenticated up to only 8 characters[/url] [/LEFT]
[B]ESX 4.1 and ESXi 4.1 root passwords are authenticated up to only 8 characters[/B]
[B]Details[/B]
[LEFT]When you set a password in ESX/ESXi 4.1, the pam_passwdqc plug-in parameter [FONT=Courier New]max=nn[/FONT] sets the maximum length allowed for a password. The intended behavior is:
[LIST][*]For all [FONT=Courier New]max[/FONT] values except 8, proposed passwords that exceed the given [FONT=Courier New]max[/FONT] value length are not accepted.[*]For the special value [FONT=Courier New]max=8[/FONT], proposed passwords longer than 8 characters are not rejected, but passwords are truncated to 8 characters. After the password has been accepted and changed, a password submitted for authentication will also be truncated to 8 characters.[/LIST]
By default, no [FONT=Courier New]max[/FONT] value is configured for ESX/ESXi 4.1. The default [FONT=Courier New]max[/FONT] value for the plug-in is 40. This should be the operational [FONT=Courier New]max[/FONT] value for password submission. When the default configuration is used, passwords should not be truncated, either when setting them or when they are authenticated.
In ESX/ESXi 4.1, after a password is accepted by the pam_passwdqc plug-in, ESX/ESXi behaves as if the [FONT=Courier New]max[/FONT] value is 8. When a new password is submitted, the default 40-character maximum is enforced. Thereafter, password authentication behaves as if the [FONT=Courier New]max[/FONT] value is 8, and only the first 8 characters of the password are necessary for authentication.
[/LEFT]
[B]Solution[/B]
[LEFT][B]For ESX:[/B]
Add [FONT=Courier New]md5[/FONT] to the file [FONT=Courier New]/etc/pam.d/system-auth[/FONT].
[LIST=1][*]Log in to the service console and acquire root privileges.[*]Change to the directory [FONT=Courier New]/etc/pam.d/[/FONT].[*]Use a text editor to open the file [FONT=Courier New]system-auth[/FONT].[*]Add [FONT=Courier New]md5[/FONT] to the following line, as shown:[SIZE=2][FONT=Courier New]password sufficient [/FONT][FONT=Courier New][I]/lib/security/[/I][/FONT][FONT=Courier New]$ISA/pam_unix.so use_authtok nullok shadow md5[/FONT][/SIZE]
Optionally, you can use the following [FONT=Courier New]sed[/FONT] command to accomplish this:
[SIZE=2][FONT=Courier New]sed -e [/FONT][FONT=Courier New][I]/password.*pam_unix.so/s[/I][/FONT][FONT=Courier New]/$/ md5/ -i /etc/pam.d/system-auth[/FONT][/SIZE]
[*]Reset the password. If you do not change the password, ESX continues to use the truncated password.[/LIST]
[B]For ESXi:[/B]
Add [FONT=Courier New]md5[/FONT] to the file [FONT=Courier New]/etc/pam.d/system-auth[/FONT].
[LIST=1][*]Access Tech Support Mode. (See [URL="http://kb.vmware.com/kb/1017910"]KB [B]1017910[/B][/URL].)[*]Change to the directory [FONT=Courier New]/etc/pam.d/[/FONT].[*]Use a text editor to open the file [FONT=Courier New]system-auth[/FONT].[*]Add [FONT=Courier New]md5[/FONT] to the following line, as shown:[FONT=Courier New][SIZE=2]password sufficient [I]/lib/security/[/I]$ISA/pam_unix.so use_authtok nullok shadow md5
[/SIZE][/FONT][*](Optional) If you want the change to persist when you restart ESXi, you must add the following line to the file [FONT=Courier New]/etc/rc.local[/FONT]:[FONT=Courier New][SIZE=2]sed -e '[FONT=Courier New][I]/password.*pam_unix.so.* md5/q' -e '/password.*pam_unix.so/s/[/I][/FONT][FONT=Courier New]$/ md5/' -i /etc/pam.d/system-auth[/FONT][/SIZE][/FONT][*]Reset the password. If you do not change the password, ESXi continues to use the truncated password.[/LIST]
VMware expects to release a permanent solution to this issue sometime in the future. We recommend that you remove the workaround from ESXi systems when you install the permanent solution.
[/LTR][/LEFT]
