[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

On Mon, Sep 03, 2007 at 09:30:34AM +0200, Petter Reinholdtsen wrote:

> [Steve Langasek]
> > Does anyone else have a reasoned argument why Debian should have a
> > weaker password length check than upstream (4 chars instead of 6)?
> > If not, this will be changed in the next upload of pam.

> I've been told that the schools using Debian Edu in lower grades pick
> very simple and short passwords for the kids, and this will become
> harder if the minimum lenght is increased.  Thought it was best to
> bring that up publicly.

> I am not sure if these schools practice is a good idea, nor if it
> should be allowed in the future, but it should at least be part of the
> background when the change is considered.

Right, I know there are going to be use cases where 6 is too long for the
minimum length, and users will need to lower the setting in
/etc/pam.d/common-password.  Do you think we need to provide some hook for
these Debian Edu users to change the setting automatically, via preseeding
or otherwise, or do you think users this is a corner case even within Debian
Edu?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
Reply to: