Re: Another Fedora decision




On Tue, Feb 03, 2015 at 02:10:31PM -0600, Les Mikesell wrote:
> I'd just rather see them applying their expertise to actually making
> the code resist brute-force password attacks instead of stopping the
> install until I pick a password that I'll have to write down because
> they think it will take longer for the brute-force attack to succeed
> against their weak code.

Also, it isn't up to the *installer* to set up a system that resists
brute-force password attacks.  That's a job for the default
configuration files in OpenSSH, GDM, KDM, and any other software
product that reads the password database.  All the installer can do is
read in the plain-text password, check to make sure it passes a
minimum policy, then crypt it and put it in the shadow file.

There are certainly things that could change, like having the pam
configuration have pam_faillock on by default.  But I tend to think
that having brute-force resistance *AND* slightly better password
security should be the goal, not one to the exclusion of the other. 

-- 
Jonathan Billings <billings@xxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
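
Added example, not part of the original message or of any CentOS or Fedora tooling: a shell check that reports which pam_faillock entries a PAM stack file lacks, the setting the message suggests could be on by default. The helper name `faillock_missing`, both sample stacks and the `deny`/`unlock_time` values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which pam_faillock pieces a PAM stack file lacks.
# faillock_missing is a hypothetical helper; empty output means full coverage.
faillock_missing() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }   # skip comments, blanks, short lines
        {
            # The control field may be bracketed and span several fields,
            # so search for the module name from field 3 onward.
            mod = 0
            for (i = 3; i <= NF; i++)
                if ($i ~ /(^|\/)pam_faillock\.so$/) { mod = i; break }
            if (!mod) next
            kind = $1; sub(/^-/, "", kind)   # "-auth" is valid PAM syntax
            if (kind == "account") acct = 1
            if (kind == "auth")
                for (i = mod + 1; i <= NF; i++) {
                    if ($i == "preauth")  pre = 1
                    if ($i == "authfail") fail = 1
                }
        }
        END {
            if (!pre)  print "auth-preauth"
            if (!fail) print "auth-authfail"
            if (!acct) print "account"
        }' "$1"
}
# Constructed sample stacks: one without lockout, one with pam_faillock wired in.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/without" <<'EOF'
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
EOF
cat > "$sample_dir/with" <<'EOF'
auth        required      pam_faillock.so preauth silent deny=5 unlock_time=900
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail deny=5 unlock_time=900
auth        required      pam_deny.so
account     required      pam_faillock.so
account     required      pam_unix.so
EOF
for f in without with; do
    echo "$f: missing: $(faillock_missing "$sample_dir/$f" | tr '\n' ' ')"
done
```

On a real host the argument would be the stack file that the login services include; which file that is depends on the distribution.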



