https://bugs.kde.org/show_bug.cgi?id=477495
Bug ID: 477495
Summary: Allowing a minimum policy
Classification: Applications
Product: systemsettings
Version: 5.27.9
Platform: Manjaro
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: kcm_users
Assignee: plasma-b...@kde.org
Reporter: es204904...@gmail.com
CC: uhh...@gmail.com
Target Milestone: ---
Passwords are usually the weakest link on a system security wise.
So probably it would be a good idea if creating an user through System Settings
will warn if their password was weak or common.
This could be done through libpwquality. System Settings just needed to abide
to the policy defined at "/etc/security/pwquality.conf".
Calamares already implements it like this:
-
https://github.com/calamares/calamares/blob/calamares/src/modules/users/CheckPWQuality.h
-
https://github.com/calamares/calamares/blob/calamares/src/modules/users/CheckPWQuality.cpp
And here's the manual:
- https://man.archlinux.org/man/pwquality.conf.5.en
An the settings that would meet NIST recommendations:
retry=10
minlen=9
maxrepeat=3
maxsequence=3
usersubstr=4
enforce_for_root
--
You are receiving this mail because:
You are watching all bug changes.
