On Friday, September 28, 2012 01:27:25 PM Spencer R. Shimko wrote: > Is anyone strongly bound to pam_cracklib? The reason I ask is that the > prose and OVAL checks are currently written for pam_cracklib. pam_cracklib > doesn't enforce complexity requirements on UID 0. pam_passwdqc can enforce > password complexity requirements on root with the "enforce=everyone" > option. Many requirement sets do not differentiate between privilege users > and unprivileged users in the I&A sections. As a result I'd like to switch > to passwdqc. Unless there is opposition we'll put together a patch to make > the switch.
Yes, I would prefer to stay with pam_cracklib for a number of reasons. If there were a deficiency in it, I'd rather open a bug report and fix it. -Steve _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
