|
|
On Wed, 17 Aug 2011 23:06:14 +0100, Orchid XP v8 wrote:
> On 17/08/2011 09:18 PM, Warp wrote:
>
>> For a very long time unixes used only 8 character passwords at most.
>> (You could write more, but everything after the 8th character was
>> ignored and could thus be anything.)
>>
>> I think most modern unixes have lifted this limitation.
>
> If I'm not very much mistaken, obsolete versions of Windows did
> something similar. Like, when you *set* your password, it uses only the
> first 14 characters and ignores the rest, but when you *enter* your
> password for authentication, it uses all 14 characters...
>
> ...in other words, if you set a password containing more than 14
> characters, you just locked yourself out of the network. Until you
> figure out that by typing only the first 14 characters, it lets you in
> again. Like, WTF?
Yep, you do remember correctly, in fact, I think I wrote something
similar in this very thread. :)
> Since Windows XP and higher use Kerberos, a protocol designed by people
> who have a clue, I'm guessing this kind of stupidity is gone now...
Well, I remember in Windows Server 2000 (with the first release of AD)
that there were circumstances where NTLM authentication would be used
instead of Kerberos, and it wasn't always predictable. So you could
actually end up with a real authentication nightmare in a distributed
environment (which is what I was dealing with) where you might change
your password and then try to authenticate using NTLM, but the PDC
Emulator hadn't received the update (depending on your sync schedules and
such), and since the PDC Emulator was used for NTLM authentication, you
could lock yourself out and not even realise that you were setting the
password using one method and trying to authenticate using the other.
I *hope* they got that sorted out (and would be surprised if they
didn't). We duplicated that in the lab with Microsoft Consulting at the
time....
Jim
Post a reply to this message
|
|