On 2013-12-30 23:15:06 +0800 (+0800), Thomas Goirand wrote: > On 12/30/2013 02:55 PM, li-zheming wrote: > [...] > > I consider that it must be limited when set password, like this: > > 1. inlcude uppper and lower letters > > 2. include nums > > 3. include particular symbol,such as '_','&' > > 4. the length>8 > > administor can set the password rule. [...] > If you just force me to add upper+lower case and add symbols, then > you are just annoying me even with my very good passwords. [...]
I think cracklib (or similar) integration as an optional rule, along with those listed above, would be great... I'd even say docs should recommend doing it "the right way" with an entropy checker rule rather than those other arbitrary checks. However, support for them is still useful because some operators very well may be hamstrung by cargo-cult "best practices" requirements like that baked into their corporate security policies (so they'll need to be able to support such schemes no matter how backward it might seem). -- Jeremy Stanley _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
