shyaam (at) gmail (dot) com [email concealed] wrote:

> I would like to know the place where I can find the linux password
> constraints for the various linux flavors. What I mean is the details
> like number of key spaces or the key length, the types of charactors
> that can be used, the restrictions and the number of times the
> password can be tried if not infinite, etc. I am in need of these
> details very urgently, so please do help me on this topic.

On any system which uses PAM (which is almost every modern Linux
system), most of these are configuration options, controlled through
the files in /etc/pam.d and /etc/security.

For the underlying libc crypt() function, assuming MD5 passwords, the
password can be any NUL-terminated string. There is no minimum or
maximum length, nor any restriction on which characters (bytes) the
password can contain.

However, if a password contains any control characters or non-ASCII
(8-bit) characters, there may be problems entering it in certain
contexts. Also, individual programs may read the password into a
fixed-size buffer, which will impose an upper limit on the length of a
password.

--
Glynn Clements <glynn (at) gclements.plus (dot) com [email concealed]>

[ reply ]