سلام
این اولین نوشته منه. قبلا فقط خواننده بودم ولی تصمیم گرفتم شروع کنم به نوشتن.

یه خبر دیدم که جالبه.

در سیستم پسورد روت ESX 4.1 مشکلی وجود داره که فقط 8 کاراکتر اول رو محاسبه می کنه و بقیش رو به حساب نمیاره. یعنی اگه پسورد 9 کاراکتری باشه، فقط 8 کاراکتر اولش.

این هم توضیحات بیشتر و راه حل به نقل از سایت vmware
البته دقت کنین این راه حل موقتیه و قراره بعدا یه راه حل دائمی هم بده. اگر این راه حل موقت رو استفاده کردین، بعدا که خواستین از راه حل دائمی استفاده کنین باید تغییرات راه حل موقت رو برگردونین به حالت اصلی.

ESX 4.1 and ESXi 4.1 root passwords are authenticated up to only 8 characters

Details

When you set a password in ESX/ESXi 4.1, the pam_passwdqc plug-in parameter max=nn sets the maximum length allowed for a password. The intended behavior is:


  • For all max values except 8, proposed passwords that exceed the given max value length are not accepted.
  • For the special value max=8, proposed passwords longer than 8 characters are not rejected, but passwords are truncated to 8 characters. After the password has been accepted and changed, a password submitted for authentication will also be truncated to 8 characters.

By default, no max value is configured for ESX/ESXi 4.1. The default max value for the plug-in is 40. This should be the operational max value for password submission. When the default configuration is used, passwords should not be truncated, either when setting them or when they are authenticated.

In ESX/ESXi 4.1, after a password is accepted by the pam_passwdqc plug-in, ESX/ESXi behaves as if the max value is 8. When a new password is submitted, the default 40-character maximum is enforced. Thereafter, password authentication behaves as if the max value is 8, and only the first 8 characters of the password are necessary for authentication.
Solution

For ESX:
Add md5 to the file /etc/pam.d/system-auth.
  1. Log in to the service console and acquire root privileges.
  2. Change to the directory /etc/pam.d/.
  3. Use a text editor to open the file system-auth.
  4. Add md5 to the following line, as shown:password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow md5


    Optionally, you can use the following sed command to accomplish this:

    sed -e /password.*pam_unix.so/s/$/ md5/ -i /etc/pam.d/system-auth

  5. Reset the password. If you do not change the password, ESX continues to use the truncated password.

For ESXi:
Add md5 to the file /etc/pam.d/system-auth.
  1. Access Tech Support Mode. (See KB 1017910.)
  2. Change to the directory /etc/pam.d/.
  3. Use a text editor to open the file system-auth.
  4. Add md5 to the following line, as shown:password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow md5
  5. (Optional) If you want the change to persist when you restart ESXi, you must add the following line to the file /etc/rc.local:sed -e '/password.*pam_unix.so.* md5/q' -e '/password.*pam_unix.so/s/$/ md5/' -i /etc/pam.d/system-auth
  6. Reset the password. If you do not change the password, ESXi continues to use the truncated password.

VMware expects to release a permanent solution to this issue sometime in the future. We recommend that you remove the workaround from ESXi systems when you install the permanent solution.




موضوعات مشابه: