Bug#867114: live-installer: debian live-installer does not check for password complexity
Package: live-installer
Version: live-installer/53
Severity: important
Dear Maintainer,
Download the ISO: (Any Live Image will work)
https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-
live-9.0.1-amd64-gnome.iso
Step 1:
Burn the ISO to a DVD or Mount it in Gnome Boxes
Step 2:
Start completing the install and stop on the user/root screen (where you enter
in a password).
Step 3:
Set the root password to "debian" and hit next.
- You will notice that the installer does not check for complexity in any
password given. Is ROOT not supposed to be secured?
Set the user password to "debian" and hit next.
- You will notice that the installer does not check for complexity in any
password given. Is the User not supposed to be secured?
Expected Outcome:
A. It would also help if during the install it could check for normal
complexity (Uppercase, Lowercase, and Symbol) on both the User and Root
passwords.
B. It would help if during the install their could be a choice for enabling
sudo for the User now that I see sudo is installed by default.
- To extend it would help if on servers the local user is able to ssh in along
with root (being an option).
Feedback in Question in thinking about B:
Root should only be used for emergency situations. Even giving the user sudo
access I can see their may be a problem. I wish there was some intergration in
the installer that would jail down what a user needs to do and make that more
of a standard practice (ex. use jails) by default vs trying to use root or
sudo.
-- System Information:
Debian Release: 9.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: