On Sunday 20 August 2006 05:26am, Rahul wrote:
> Arthur Pemberton wrote:
> > I second that, however I would suggest going further and having
> > something denyhosts like in place or are we going with the assumption
> > that anyone owning a FC installation will be setting a good password,
> > or a weak password with the knowledge that SSHd is running?
>
> passwd program has checks in place to ensure that poor passwords are
> rejected and yes if you have the root password on the system there is a
> question of common sense too.

Yeah, well, the standard checks that passwd does aren't all that great. They'll only cover the weakest of weak passwords and not in all possible ways either. It's rather trivial to modify a weak password so that it gets by this.

Mind you, I'm talking about Fedora's default configuration, here; cracklib can be configured to make things better. Perhaps we should consider *a small amount* of tightening of this default configuration.

--
Lamont R. Peterson <lamont gurulabs com>
Senior Instructor
Guru Labs, L.C. [ http://www.GuruLabs.com/ ]

NOTE: All messages from this email address should be digitally signed with my 0xDC0DD409 GPG key. It is available on the pgp.mit.edu keyserver as well as other keyservers that sync with MIT's.