Path: utzoo!attcan!uunet!snorkelwacker!usc!ucsd!ucbvax!INTELLICORP.COM!ADAMS From: ADAMS@INTELLICORP.COM (Kevin Adams) Newsgroups: comp.protocols.appletalk Subject: Limitations imposed by AppleShare's User Authentication Method (UAM).. Message-ID: Date: 15 Aug 90 00:26:58 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 24 I would like to comment on the restriction Apple places on the maximum length a password associated with an AppleShare server can be. Currently, one can have only up to 6 characters. From a security standpoint, this seems to be too few. Most timesharing/server operating systems provide for passwords up towards 16 or 32 characters. Now, realistically, nobody uses much more than, say, 10. The 6 character length restriction really starts to become a problem when the password file used by AppleShare serves double duty, that is, is also used to authenticate users of large timesharing/server systems (i.e. Unix, VMS, etc.). More to the point, other systems provide ways of forcing or encourging longer passwords. This is critical when your password database is largely centralized and referenced by many different security agents. It is my feeling and desire to see AppleShare support password lengths much more in line with other systems. The purpose of this message is not to provoke a discussion on passwords and security. But, rather, to find out if anyone else has the same thoughts and views on the topic. If so, how you deal with this problem. Of course, my ideal solution would be for Apple to increase the maximum password length. Anyone know if Apple has plans to do this? Kevin Adams Adams@IntelliCorp.Com -------