Re: RFC: changes to default password strength checks in pam_unix

To: debian-curiosa@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: RFC: changes to default password strength checks in pam_unix
From: Bernd Zeimetz <bernd@bzed.de>
Date: Mon, 03 Sep 2007 16:53:28 +0200
Message-id: <[🔎] 46DC1FE8.8000202@bzed.de>
In-reply-to: <[🔎] 200709030833.14667.wjl@icecavern.net>
References: <20070902194736.GA10366@dario.dodds.net> <20070903063759.GA32498@zoetekouw.net> <49468.82.215.34.9.1188803235.squirrel@wm.kinkhorst.nl> <[🔎] 200709030833.14667.wjl@icecavern.net>

>> I agree with Bas here: I'm all for removing the Debian deviation from
>> upstream, so please go ahead with that, but raising it further is not
>> necessarily a useful thing to do. I can easily think of a 6-char password
>> that is a lot more difficult to guess than an 8 char one.
> 
> Especially when the most common response I've seen to a system saying that a 
> password is not long enough is to start adding easily guessable extension 
> strings to the password the user already picked, NOT to sit back down and 
> think up a better, intrinsicly longer password:

that's what libpam-cracklib is for.

-- 
Bernd Zeimetz
<bernd@bzed.de>                         <http://bzed.de/>

Reply to:

References:
- Re: RFC: changes to default password strength checks in pam_unix
  - From: "Wesley J. Landaker" <wjl@icecavern.net>

Prev by Date: Re: RFC: changes to default password strength checks in pam_unix
Next by Date: Re: Why no Opera?
Previous by thread: Re: RFC: changes to default password strength checks in pam_unix
Next by thread: Re: Why no Opera?
Index(es):
- Date
- Thread