Re: RFC: changes to default password strength checks in pam_unix

On Tue, Sep 04, 2007 at 02:50:25PM -0600, Dwayne C. Litzenberger wrote:
> How about a Debian policy that enumerates the specific cases where 
> passwords are allowed to be used for authentication, and states that 
> password authentication must be disabled by default for everything else?
> If you design the system so that it doesn't trust passwords much to begin 
> with, you don't have to care about how strong the passwords are.

Because not everyone has the luxury of always working from a place where
keys can be effectively managed and used.  Personally, *none* of my
systems allow password logins from the network.  However, that needs to
be a decision for the individual admin.

Think about it.  Someone sets up a box and then heads over to a friend's
house.  He wants to SCP some stuff over.  No password authentication?
Oops.  Too bad.  I don't think that will work without driving away



