RFC: changes to default password strength checks in pam_unix
For years, the Debian pam packages have by default had a weaker password
length requirement than upstream. I can think of no reason for this to be
the case, especially when upstream doesn't support a configurable minimum
password length and Debian does.
Does anyone else have a reasoned argument why Debian should have a weaker
password length check than upstream (4 chars instead of 6)? If not, this
will be changed in the next upload of pam.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.