On Sep 28, 2012, at 6:27 AM, "Spencer R. Shimko" <[email protected]> wrote:
> Is anyone strongly bound to pam_cracklib? The reason I ask is that the prose > and OVAL checks are currently written for pam_cracklib. pam_cracklib doesn't > enforce complexity requirements on UID 0. pam_passwdqc can enforce password > complexity requirements on root with the "enforce=everyone" option. Many > requirement sets do not differentiate between privilege users and > unprivileged users in the I&A sections. As a result I'd like to switch to > passwdqc. Unless there is opposition we'll put together a patch to make the > switch. We've used pam_passwdqc on a RHEL 6.2 based cross domain system with no certification issues. joe _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
