Re: FESCO request to revert password confirmation change in F22


 



Hi David

I am a Fedora end-user. After 55 years in IT in the largest of the large institutions (350,000 employees) and the smallest of going concerns (10 employees) as Mr Security, Mr Performance, Mr Capacity Planner, Mr Manager, Mr Owner, etc., I am in semi-retirement and I would like to briefly present my comments about password management.

People will get over the new password rule. There is no need to revert back.

I tested with the new rules. I chose "#montreal001#montreal001". From now on, I will use that password for all my anaconda installations. I point out this decision for one reason.

In medium and large shops alike, most often a new Linux installation is given to junior technical staff to build. He is told to use a specific password and to advise the "head system administrator" as to when the system is ready for PiP (Placing/Turnover/Handover to Production).   The system builder may be in a remote location, time-zones away from head-office.

The hand-over to the system-administrator includes a mandatory password change for root and for the enrolment administrator.

After first boot, all user accounts are set up to force a password change on a user's first login attempt. That rule is practised, strictly enforced and is a default in 99.999% of all shops.

So, with anaconda, it matters not if the password is abc or #montreal001#montreal001. I force users to change their password on their first login attempt.

As a reminder, with the system "passwd" command, root can force any password to be accepted. And that option is a work-around to what was implemented within anaconda.

If you want to enforce better security, set up anaconda to create root and administrator passwords that must be changed on first system login.

There is a second reason why I defer the real password to first reboot.  I enable ±, @ £ ¢ ¬ € ¥ ¼ % ½ ¾ to be part of the new password.

The annoyance about having to type a few extra letters will pass. I find no reason to revert this part of the anaconda rules, but I would like to see implemented the "forced password change" rule.


Regards

 Leslie
Mr. Leslie Satenstein
Montréal Québec, Canada
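
The forced change at first login that the message asks for can be checked at handover. This is an added example, not part of the original message and not anaconda code: it reads shadow(5)-format data and lists password-bearing accounts whose last-change field is not 0. The function names and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): handover audit of
# shadow(5)-format data. Field 2 is the password hash; field 3 is the
# day of the last password change. A 0 in field 3 means the account
# must change its password at the next login (what `chage -d 0 USER` sets).

# Constructed sample: account names and hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$placeholder$hashA:0:0:99999:7:::
admin:$6$placeholder$hashB:16560:0:99999:7:::
builder:$6$placeholder$hashC::0:99999:7:::
daemon:*:16500:0:99999:7:::
svc:!!:16500:0:99999:7:::
EOF
}

# Print accounts that have a usable password but are not flagged for a
# forced change. Locked entries ("!" or "*" prefix) are skipped; empty
# password fields are a separate finding and are not reported here.
accounts_missing_forced_change() {
    awk -F: '
        $2 == "" || $2 ~ /^[!*]/ { next }
        $3 != "0"                { print $1 }
    ' "$1"
}

# Exit status 0 only when every password-bearing account is flagged.
handover_ready() {
    [ -z "$(accounts_missing_forced_change "$1")" ]
}

tmp=$(mktemp)
sample_shadow > "$tmp"
echo "Not flagged for change at first login:"
accounts_missing_forced_change "$tmp"
rm -f "$tmp"
```

Run as root against /etc/shadow, the same function lists the accounts that still carry the build-time password without a pending forced change.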

 



_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
