Bug 233478 - Authentication fails if password > 128 characters
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 11.2-RELEASE
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-bugs mailing list
Keywords: regression, security
Reported: 2018-11-24 19:37 UTC by ASV
Modified: 2018-11-28 05:11 UTC (History)
Description ASV 2018-11-24 19:37:06 UTC
After upgrading from 11.1 RELEASE to 11.2 RELEASE through freebsd-update I've been locked out from my remote server after the reboot.
Further investigation and testing on another FreeBSD 11.2 RELEASE (upgraded through build world instead and perfectly working) confirmed that I was locked out because the previous passwords were larger than 128 characters.

Both systems are set "passwd_format=sha512" through login.conf (which I believe is the default value nowadays).
This issue is something new, was never there, and actually forced me to log in and fix it by modifying the passwords while in single user mode with something shorter.
Comment 1 ASV 2018-11-24 19:54:24 UTC
By the way, you're allowed to set passwords as long as you like but PAM will fail to authenticate. If there's a reason why this is happening (why?!), so if it's not a bug, I believe a check should be introduced to forbid the setting of passwords with length > 128 characters.