
Re: RFC: changes to default password strength checks in pam_unix

Quoting Joey Hess (joeyh@debian.org):
> Steve Langasek wrote:
> > Arguably if the consensus is that the default minimum password length should
> > be raised in the users' best interests, we would want to change the
> > makepasswd package's default at the same time.
> And we might also want to make d-i do the same checks, currently it
> enforces no minimum lengths at all..

And, to complete that discussion, we currently have a bug report for
user-setup (the D-I component which deals with root/user creation and
password setting), which suggests enforcing some basic checks of

A proposed implementation is in that bug report, and Javier Fernandes
Sanguino offered to try implementing something stronger.

Given the various pieces of advice given in this thread about password
strength enforcement by default, I'm not sure that we will finally implement

But, certainly, at least we could enforce the same pwd length as
