Am 10.06.2012 15:35, schrieb William Brown: > >> I'm still seeing an inconsistency between command-line and graphical. Running >> passwd as root, I can make my ordinary user password arbitrarily short (except >> for an empty password which fails with the error "passwd: Authentication token >> manipulation error" after entering it twice). With System Settings->User >> Accounts, it won't allow a password shorter than 6 characters even if the page >> is unlocked using root. (The password behavior appears identical whether or not >> the page is unlocked.) >> > > If you run passwd as your own user, compared to passwd as root changing > your user password, you will see that running passwd as your own user > will result in the same result as running the password change from > System Settings (You recieve a passwd is too short message). The only > time you can avoid the "password to short" message, is when running > passwd as root. and this is a correct behavior because security depends on the weekest part of the whole IT which would be a idiot user changing his password to "1234" i do not understand any discussion about this select a seure password or we will see sooner or later drive-by-attacks trying sudo with default passwords everybody who thinks "how should this happen" should reconsider how all the other secruity intrusions in the last few years happened while some of them did nobody imagine until it happened
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
