
Re: RFC: changes to default password strength checks in pam_unix

Roger Leigh <rleigh@whinlatter.ukfsn.org> writes:

> Having enabled the cracklib stuff in pam_unix while testing the new
> PAM, I agree that this should remain disabled.  Many users (including
> myself) find the enforcement of all those extra checks annoying, and I
> agree with other comments that extra checks don't always result in
> more security due to tacking fixed patterns onto a shorter password.

I think you'll find that if the patterns that you use aren't ones that
cracklib knows, it *does* make the password more secure.  Why?  Because
guess how attackers try to crack passwords?  It's not like most of them
write their own password cracking software.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
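
The argument in this exchange, as an added example that is not part of the original thread and is not cracklib's own code: a simplified checker that undoes a few common fixed patterns (case, digits or punctuation tacked onto either end, character substitutions, reversal) before a dictionary lookup. The wordlist, the rule set and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample wordlist; a real checker would load a full dictionary.
WORDLIST = {"password", "dragon", "monkey", "letmein", "debian"}

# Undo common character substitutions (assumed rule set, not cracklib's).
LEET = str.maketrans("0134578@$!", "oieastbasi")

# Digits and punctuation tacked onto the start or end of a word.
AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def base_candidates(password):
    """Yield forms of the password with common fixed patterns removed."""
    lowered = password.lower()
    stripped = AFFIX.sub("", lowered)
    for form in {lowered, stripped}:
        for variant in (form, form.translate(LEET)):
            yield variant
            yield variant[::-1]  # reversed word


def is_guessable(password, wordlist=WORDLIST):
    """True if undoing a known pattern leaves a dictionary word."""
    return any(c in wordlist for c in base_candidates(password))


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P4ssw0rd1!", "nogard99", "m0nk3y2024", "vexing-quartz-lantern"):
        verdict = "rejected" if is_guessable(pw) else "passes this check"
        print(f"{pw!r}: {verdict}")
```

A password that passes here is only outside this small rule set; it says nothing about patterns the checker does not know.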
