On 2013-12-30 23:15:06 +0800 (+0800), Thomas Goirand wrote:
> On 12/30/2013 02:55 PM, li-zheming wrote:
> [...]
> > I consider that it must be limited when set password, like this:
> >       1. inlcude uppper and lower letters
> >       2. include nums
> >       3. include particular symbol´╝îsuch as  '_','&'
> >       4. the length>8
> > administor can set the password rule.
> If you just force me to add upper+lower case and add symbols, then
> you are just annoying me even with my very good passwords.

I think cracklib (or similar) integration as an optional rule, along
with those listed above, would be great... I'd even say docs should
recommend doing it "the right way" with an entropy checker rule
rather than those other arbitrary checks. However, support for them
is still useful because some operators very well may be hamstrung by
cargo-cult "best practices" requirements like that baked into their
corporate security policies (so they'll need to be able to support
such schemes no matter how backward it might seem).
Jeremy Stanley

OpenStack-dev mailing list

Reply via email to