[freeside] Password Length

rdailey at colusanet.com rdailey at colusanet.com
Wed Apr 18 09:15:25 PDT 2001

What I meant was, on the Customer Add screen, the maximum length of the 
password text box is eight.  Even if you change that, any more than eight 
characters results in an error "illegal password"

Personally, we're only exporting to Radius users file anyway, so there is 
no need to limit the number of characters when we add the user.

>On Sat, Apr 14, 2001 at 02:44:55PM -0700, Jason Spence wrote:
> > On Sat, Apr 14, 2001 at 12:20:29PM -0700, rdailey at colusanet.com developed
> > a new theory of relativity and:
> >
> > > Why is the maximum password length only eight characters?  I
> > > understand that Unix only uses the first eight characters, anyways,
> > > but what about RADIUS?
> >
> > RADIUS has a limit of 128 characters.  See section 5.2 of RFC 2138.
> >
> > The 8 character bottleneck comes from BSD systems, I think.  I know
> > that in the past, they only treated the first 8 characters as
> > significant, but I'm not sure whether that is still true now that
> > they're using MD5.
>Historically, not just BSD systems, but all unices, whether BSD-flavoured,
>SysV-flavoured (Solaris etc.) or independantly implemented (Linux), have
>used a DES-flavoured crypt(3) with 8 significant characters.

Rick Dailey
<mailto:%2F%2Frdailey at colusanet.com>rdailey at colusanet.com

More information about the freeside-users mailing list