On Mon, 17 Dec 2007, Jeremy Katz wrote:
The problem is that it's really hard to give good guidance on a
"minimally-strong" password. And doing a series of dialogs is no better
than just one -- the people that are going to bypass the recommendation
are still going to do so, they're just going to be more annoyed about it
and complain more
I agree. I do not believe Anaconda is the right place to enforce password
strength policies. Every organization has its own policy on passwords
(strength, how often to change, etc.) and trying to put a policy in
Anaconda is sure to conflict with somebody's policy and generate
complaints.
The only way to not conflict with others' policies is not to have a
policy.
Furthermore, since you can use the encrypted password in a kickstart file
password --iscrypted $1$abc....
how can you check the strength? If a box gets rooted, Anaconda could get
blamed for not warning the user of a weak password.
Jeff Bastian
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
