On Mon, Sep 12, 2011 at 10:49, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote:
> On Mon, 2011-09-12 at 10:40 -0600, Kevin Fenzi wrote:
>
>> Some random thoughts/considerations:
>>
>> * We could also change fas password requirements at this time.
>> We have: https://fedorahosted.org/fedora-infrastructure/ticket/2804
>> where we agreed with:
>>
>> - Nine or more characters with lower and upper case letters, digits and
>> punctuation marks.
>>
>> - Ten or more characters with lower and upper case letters and digits.
>>
>> - Twelve or more characters with lower case letters and digits.
>
> So - I am sure I'm not the only one who does this - but how about
> mandating pass PHRASES and make the minimum length be 40 characters?
>
> Mary_had_a_little_lamb_whose_fleece_was_white_as_snow would work just
> fine and should be substantially harder to crack :)
> (/me is all about making friends today, apparently)

My only issue with that is making sure that the hashing method allows
for it. Finding out that it stops at 16 characters for some reason
means a lot of wasted typing. In the end, I would say that having to
type in 40 characters every time my window times out on Fedora
Community or admin would make me grumpy after the 4th login in a day.

>
>
>> * Users who fail to meet the deadline would be marked 'inactive' ? What
>> would they need to do to re-activate? Just login and upload a new
>> key/change password?
>
> well "login" might be hard. I suspect we just nuke their ssh keys so
> they cannot login to any shell w/o first getting into the fas.

Agreed.

--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
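The concern raised in the reply above, that a hashing method might stop reading a long passphrase at some length, can be checked before a passphrase policy is adopted. The following is an added example, not part of the thread and not FAS code: `truncating_hasher` is a constructed stand-in for a scheme that ignores input past 16 bytes, and PBKDF2 is used only for illustration, since the thread does not say which hashing method FAS uses.

```python
import hashlib

# Passphrase quoted in the thread; used here only as probe input.
PHRASE = b"Mary_had_a_little_lamb_whose_fleece_was_white_as_snow"

# Fixed salt and low iteration count keep the probe fast and deterministic.
# Real password storage uses a random per-user salt and a higher work factor.
SALT = b"constructed-salt"
ROUNDS = 1000


def pbkdf2_hasher(password: bytes) -> bytes:
    """Hash the full password (assumed scheme, for illustration)."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, ROUNDS)


def truncating_hasher(password: bytes) -> bytes:
    """Constructed stand-in for a scheme that silently drops input past 16 bytes."""
    return hashlib.pbkdf2_hmac("sha256", password[:16], SALT, ROUNDS)


def effective_length(hasher, sample: bytes):
    """Return how many leading bytes of `sample` influence the hash.

    Each byte is changed in turn. The first position whose change leaves
    the hash unchanged marks where the scheme stops reading input.
    Returns None when every byte of the sample affects the result.
    """
    reference = hasher(sample)
    for i in range(len(sample)):
        # XOR with 0x01 guarantees the byte at position i differs.
        mutated = sample[:i] + bytes([sample[i] ^ 0x01]) + sample[i + 1:]
        if hasher(mutated) == reference:
            return i
    return None


if __name__ == "__main__":
    for name, hasher in (("pbkdf2", pbkdf2_hasher),
                         ("truncating", truncating_hasher)):
        limit = effective_length(hasher, PHRASE)
        if limit is None:
            print(f"{name}: all {len(PHRASE)} bytes affect the hash")
        else:
            print(f"{name}: input past byte {limit} is ignored")
```

To probe a real deployment, replace the hasher with a call into the actual password-setting code path using the production scheme and a fixed salt.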