On Fri, Sep 13, 2002 at 02:12:23AM +0100, Nick Lamb wrote:
> Sure enough I can't change my password to 'guess' or 'password' or
> '01234567' using either the GUI or the passwd program. It's not as
> friendly as Mozilla's "password goodness meter" but it will suffice.

Have you tried another string of 8 digits, more random-looking (but
obviously still very weak as all numeric-only passwords are)? That
used to bypass CrackLib alone (and John the Ripper has enjoyed cracking
many such passwords that have passed CrackLib checks); I don't know if
pam_cracklib has additional checks against that.

> Apparently there are moves afoot to replace or augment Cracklib with
> Solar Designer's pam_passwdqc in some future version of Red Hat Linux.

I haven't heard of that for Red Hat Linux in particular. pam_passwdqc
is currently used on several other Linux distributions and it has
recently been integrated into FreeBSD-current.

http://www.openwall.com/passwdqc/

pam_passwdqc is a simple password strength checking module for
PAM-aware password changing programs, such as passwd(1). In addition
to checking regular passwords, it offers support for passphrases and
can provide randomly generated passwords. All features are optional
and can be (re-)configured without rebuilding. Currently supported are
Linux (Linux-PAM), FreeBSD-current (OpenPAM), Solaris, and HP-UX 11+.

--
/sd
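
The point about random-looking 8-digit strings, as an added example that is not part of the original message and is not CrackLib or pam_passwdqc code: a dictionary-only check accepts such a string, while a check that ties minimum length to the character classes used rejects it. The word list, the thresholds in MIN_LEN_BY_CLASSES, the class sizes and the sample passwords are all constructed assumptions.

```python
import math
import string

# Constructed word list standing in for a cracking dictionary (assumption).
WORDLIST = {"guess", "password", "01234567", "12345678"}

# Hypothetical policy, not pam_passwdqc's defaults: minimum length for a
# password using exactly N character classes. None means never accepted.
MIN_LEN_BY_CLASSES = {1: None, 2: 16, 3: 10, 4: 8}

# Approximate alphabet size per class (printable ASCII).
CLASS_SIZES = {"digit": 10, "lower": 26, "upper": 26, "other": 33}


def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch in string.digits:
            classes.add("digit")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        else:
            classes.add("other")
    return classes


def dictionary_check(pw):
    """Toy dictionary-only check: accept anything not in the word list."""
    return pw.lower() not in WORDLIST


def class_length_check(pw):
    """Accept only if pw is long enough for the classes it uses."""
    required = MIN_LEN_BY_CLASSES.get(len(char_classes(pw)))
    return required is not None and len(pw) >= required


def search_space_bits(pw):
    """Upper bound, in bits, on exhaustive search over the classes used."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for pw in ("guess", "01234567", "83920174", "Tr4il-mix"):  # constructed
        print(pw, dictionary_check(pw), class_length_check(pw),
              round(search_space_bits(pw), 1))
```

The digits-only sample passes the dictionary check yet spans only about 26.6 bits of search space, which is why the class-aware check refuses it regardless of how random it looks.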