Re: RFC: changes to default password strength checks in pam_unix

On Mon, Sep 03, 2007 at 09:30:34AM +0200, Petter Reinholdtsen wrote:

> [Steve Langasek]
> > Does anyone else have a reasoned argument why Debian should have a
> > weaker password length check than upstream (4 chars instead of 6)?
> > If not, this will be changed in the next upload of pam.

> I've been told that the schools using Debian Edu in lower grades pick
> very simple and short passwords for the kids, and this will become
> harder if the minimum length is increased.  Thought it was best to
> bring that up publicly.

> I am not sure if these schools' practice is a good idea, nor if it
> should be allowed in the future, but it should at least be part of the
> background when the change is considered.

Right, I know there are going to be use cases where 6 is too long for the
minimum length, and users will need to lower the setting in
/etc/pam.d/common-password.  Do you think we need to provide some hook for
these Debian Edu users to change the setting automatically, via preseeding
or otherwise, or do you think users this is a corner case even within Debian

