#1  
Old 24th November 2006, 03:35
newblinux newblinux is offline
Junior Member
 
Join Date: Nov 2006
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Question Password Worry

I just started back to playing with linux again, I must say I enjoy all the support available at this site, and there is some heavy brain power on the ispconfig team

So anyway I did the apt-get updates and installed the stable version of the latest ispconfig build, but one thing does worry me.

The login on port 81 is secure to the best of my knowledge. However when I do login and access Web-Ftp and type in a password like "password" I am able to login. Fair enough I set it up that way. When I type "passwor" It boots me out and asks me to try again. However when I type password1 or password123 it lets me login. Sorry I'm still trying to determine if it is something I missed during the setup.
Reply With Quote
Sponsored Links
  #2  
Old 24th November 2006, 09:21
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,138
Thanks: 4
Thanked 52 Times in 48 Posts
Default

It shouldn't act the way it does for you... maybe falko or till can tell you more on that...
Reply With Quote
  #3  
Old 24th November 2006, 10:41
newblinux newblinux is offline
Junior Member
 
Join Date: Nov 2006
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Question Yeah

I cleared my cache and cookies and removed anything checked in autocompete for IE.
I then checked to see if it was a weird browser thing so I ran the password test with Firefox and the same problem happened. :confused:
Reply With Quote
  #4  
Old 24th November 2006, 18:01
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,421
Thanks: 812
Thanked 5,205 Times in 4,081 Posts
Default

ISPCOnfig uses by default the linux function "crypt" to encrypt the passwords. The old version of this encryption uses only the first 8 chars of a password, so "password" and "password12345" are the same.

ISPConfig also supports the newer password encryption which is not length limited to 8 chars. To enable this encryption, please change the line:

$go_info["server"]["password_hash"] = 'crypt'; // 'crypt' = crypt; 'md5' = crypt-md5

to:

$go_info["server"]["password_hash"] = 'md5'; // 'crypt' = crypt; 'md5' = crypt-md5

in the file /home/admispconfig/ispconfig/lib/config.inc.php

Every new or updated password will use the new encryption then.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 2nd June 2007, 02:07
./w ./w is offline
Junior Member
 
Join Date: May 2007
Posts: 13
Thanks: 1
Thanked 1 Time in 1 Post
Default

Is this 'crypt' encryption function the default used by the last versions of ISPConfig ?
I've installed version 2.2.12 and was having issues with password length until I found this thread. By default, the fresh installation was using the 'crypt function'.

Shouldn't it use the newer one (i.e. md5) ?

Thanks !!
Reply With Quote
  #6  
Old 2nd June 2007, 11:05
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,421
Thanks: 812
Thanked 5,205 Times in 4,081 Posts
 
Default

The default will be the setting that works on all suppoerted linux distributions, and that is the plain old crypt function. We will switch to md5 later when we can make sure that it works on all linux distributions flawlessly.

You can change this setting for your installation to md5, thats why it is configurable in config.inc.php.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Msql Password setup problem robbiewo HOWTO-Related Questions 13 8th May 2008 21:56
Where is the user password saved torusturtle Installation/Configuration 2 20th June 2006 14:40
Can't set up root password on MySQL server for Ubuntu 6.06 simianstyle Installation/Configuration 15 19th June 2006 16:44
MySQL - The Perfect Set Up Fedora Core 4 Gem Installation/Configuration 17 17th May 2006 08:44
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 00:04.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.