[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Some Problems with Lenny


On Sonntag, 10. Januar 2010, Klaus Ade Johnstad wrote:
> > 1.) Using LWAT: I can't change 'manual' the password of a user. When
> >  I  search user, click on it and press the button 'New Password', an
> >  textfield appears, propose me a new password. But I can't change the
> >  password, because editing is disabled (grey coloured, like the field
> >  'username'). But this was possible using etch. Is this a bug or a
> >  feature?
> This is a feature, most sysadmins can't set proper secure passwords :-)

Aehm, no. The passwords generated by lwat per default are very simple ones, 
suited for children 3-6 of age, at maximum.

Just last week there was a teacher in #debian-edu whose account was repeatetly 
compromised, most probably due to using weak passwords generated by lwat. At 
least he didnt come back after I suggested to use a password generated 
with "pwgen -s 12" :-)

Also see "#457840 please provide alternative pwgen function in lwat".

IMO we (=Debian Edu) should change the behaviour of (upstream) lwat, that is 
to set $allowPwSet = true by default.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: