On Pá, 2015-06-26 at 14:53 -0600, Kevin Fenzi wrote:
> On Fri, 26 Jun 2015 16:21:02 -0400
> Matthias Clasen <mcla...@redhat.com> wrote:
>
> > But passwords and passphrases are not all the same shape or color -
> > the requirements for a password you want to use for ssh login over the
> > internet are quite different from ones for a shared account used by
> > all family members, or a passphrase that you use to protect your
> > diary in your home directory.
> >
> > How does a single common policy make sense for such wildly different
> > use cases ?
> >
> > Your list of applications looks like you are really only interested in
> > passwords for local user accounts, though. If that is the case, please
> > make that clear in the description.
Yes, I agree with Matthias, that we should be concerned about local user
accounts in this change because different uses of passwords (or
passphrases) have different requirements for strength.
> Side note: IMHO, we should remove and stop using the term
> 'password'. It evokes back to the early days of UNIX where you had to
> choose a 8 character or less 'word' to gain access to something. All
> our tools can and should use much longer phrases.
There is nothing particularly wrong with passwords and multiple word
passphrases are not particularly better. It really depends on situation
and on the particular password or passphrase chosen.
>
> > > * libpwquality - doesn't set passwords, but should be used in
> > > common for quality checking in a consistent manner.
> >
> > All of the applications that you are listing are already using
> > libpwquality, which has not really helped to move us to a consistent
> > user experience in this area. We should evaluate if libpwquality is
> > really suitable for what we need here.
>
> Well, I think there's some confusion on how to actually "use"
> libpwquality. There are basically no docs and I think it's being used
> different ways in different cases. But yes, if it doesn't meet needs we
> could look at alternatives. I am hopeful we can better use it or adjust
> it and keep using it, but we will see.
I understand that as a request to write some simple how-to-use document
for libpwquality and not a request to drop it altogether and use
instead ... what?
Note also that libpwquality is highly configurable and for things that
can not be configured currently a configuration can be easily added.
That means that libpwquality can be used for various passwords, not only
for the system accounts. You can simply create and set different
configuration files for different password uses.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
