[Date Prev][Date Next] [Chronological] [Thread] [Top]

password question


I discovered today that my ldap authentication is
allowing people to login wiht the wrong password.

Say my password id "green". When prompted by my web
broser or mail client for a password I can enter
"greenfrog" and still get access. The password "green"
is not equal to "greenfrog" is it? I don't think so.
It only seems to work as long as the password is
prefixed with my valid password. So, "greenwhatever"
is accepted.

Anyone know why it works this way?

Server details:
Red Hat Enterprise Linux ES release 3


Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.