Re: allowing simpler passwords
On Fri, 3 Sep 1999, Daniel Barclay wrote:
: > From: Nathan E Norman <firstname.lastname@example.org>
: > On Thu, 2 Sep 1999, Marc Mongeon wrote:
: > : How do I disable the password-checking feature of passwd? I'm willing
: > : to accept moderately complex passwords that passwd wants to throw
: > : out. `man passwd` gives me nothing, and I'm not certain where else to
: > : look-- is this the doings of PAM?
: > RTFM passwd.c;
: (The source code is not the FM.)
Oh? In this case I'd say it is :) Read on ...
: > passwd tries to prevent lusers from
: > using crappy passwords. This is generally accepted as a feature.
: Features should be controllable by the system administrator.
Lucky for the system administrator, the code is sitting RIGHT THERE,
waiting to be controlled.
I don't know any serious admins who like non-robust passwords on there
servers, but YMMV. You could be on to something on the home PC front,
Fortunately, you or anyone else who gets a lot of heartburn over this
"feature" could change the code to make the password check optional, and
perhaps submit a patch.
I'm disappointed that no-one responded to my first solution - running
`passwd' as root gives one the option of ignoring the strength check.
In my opinion, THIS is a non-feature (but I've taken my advice and fixed
it in the code).
: > : It is particularly annoying because it reminds me of the Windows design
: > : philosophy: "I know better than you do what you're trying to do."
: > Windows lets you ignore passwords altogether and isn't really known as a
: > secure OS ...
: How does Windows' unsecurability diminish the undesirability of the
: design philosophy mentioned above?
It doesn't. Sorry I brought it up (oh, that's right - I was merely
responding to the original author's pseudo-flame regarding the behavior
of `passwd'.) Nevertheless I concede that Windows sucking does not in
any way enhance Linux.
MidcoNet 410 South Phillips Avenue Sioux Falls, SD
finger email@example.com for PGP Key: (0xA33B86E9)