[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH]Validation of root password with cracklib



On Mon, 17 Dec 2007, Jeremy Katz wrote:
The problem is that it's really hard to give good guidance on a "minimally-strong" password. And doing a series of dialogs is no better than just one -- the people that are going to bypass the recommendation are still going to do so, they're just going to be more annoyed about it and complain more


I agree. I do not believe Anaconda is the right place to enforce password strength policies. Every organization has its own policy on passwords (strength, how often to change, etc.) and trying to put a policy in Anaconda is sure to conflict with somebody's policy and generate complaints.

The only way to not conflict with others' policies is not to have a policy.

Furthermore, since you can use the encrypted password in a kickstart file
  password --iscrypted $1$abc....
how can you check the strength? If a box gets rooted, Anaconda could get blamed for not warning the user of a weak password.

Jeff Bastian


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]