Re: RFC: changes to default password strength checks in pam_unix
On Tue, 4 Sep 2007 14:50:25 -0600, "Dwayne C. Litzenberger"
>On most of my boxes, passwords are useless for anything except local
>authentication, and even for that, they aren't used much.
>How about a Debian policy that enumerates the specific cases where
>passwords are allowed to be used for authentication, and states that
>password authentication must be disabled by default for everything else?
IMO, it's better to leave that policy at a local level, determined by
local admins. Excessive legislation at a federal level is undesirable