Darren Reed wrote:
> Darren J Moffat wrote:
>> I'm submitting the following for community review before I start an
>> ARC case on this. Time out for community review is Wednesday 14th
>> November 2007.
>>
>
> This is beyond the community review window but I haven't yet seen a
> PSARC case...
>
>> ...
>> 2) The minimum length will be changed from 6 to 8
>>    /etc/default/passwd:PASSLENGTH=8
>>
>
> IMHO, this should fall into the same bucket as the password aging does.
>
> Those that care about it set it appropriately, introducing a new minimum
> is likely to just annoy people.

8 isn't unreasonable, 6 is the current default and is far too short. Even most web forums require 8 these days. I'm sticking with 8; if you object and can give evidence of why, feel free to do so in the ARC case. I don't think this is anything like default aging being on.

>
>> 3) Dictionary checking with crack will be enabled by default
>>    /etc/default/passwd:DICTIONDBDIR=/var/passwd
>>
>
> Where will/does crack live?

It is embedded inside pam_authtok_check.so.1

> And why are we adding a dictionary check in this manner,
> rather than checking new passwords?

It does check new passwords; that is what the feature does. It isn't a new feature I'm proposing, I'm just proposing turning on something we already have that has been shipping since S9 (IIRC).

--
Darren J Moffat
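As an added example (not part of the original message or of any Solaris tooling), this shell audit checks a defaults file in the `/etc/default/passwd` format against the two settings proposed in the thread. The function names and the sample file are hypothetical, and it assumes that `#` starts a comment and that an unset `PASSLENGTH` means the old default of 6 applies.

```shell
#!/bin/sh
# Added example: audit a passwd defaults file against the proposals in this thread.

# Print the effective value of KEY ($2) in FILE ($1). Commented-out keys count
# as unset; if a key is assigned more than once, the last assignment wins.
get_setting() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); found = 1 }
        END { if (found) print v }
    ' "$1"
}

# Return 0 if FILE meets both proposed defaults, 1 otherwise.
audit_passwd_defaults() {
    file=$1
    rc=0
    len=$(get_setting "$file" PASSLENGTH)
    # Assumption from the thread: unset means the old minimum of 6 is in force.
    [ -n "$len" ] || len=6
    case $len in
        *[!0-9]*) echo "FAIL PASSLENGTH=$len is not a number"; rc=1 ;;
        *) if [ "$len" -lt 8 ]; then
               echo "FAIL PASSLENGTH=$len (proposal: 8)"; rc=1
           else
               echo "OK   PASSLENGTH=$len"
           fi ;;
    esac
    dbdir=$(get_setting "$file" DICTIONDBDIR)
    if [ -z "$dbdir" ]; then
        echo "FAIL DICTIONDBDIR unset, dictionary check not enabled"; rc=1
    else
        echo "OK   DICTIONDBDIR=$dbdir"
    fi
    return $rc
}

# Constructed sample: short minimum length, dictionary key commented out.
sample=$(mktemp)
printf 'MAXWEEKS=\nPASSLENGTH=6\n#DICTIONDBDIR=/var/passwd\n' > "$sample"
audit_passwd_defaults "$sample" || echo "sample file does not meet the proposed defaults"
rm -f "$sample"
```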
