On Tue, Mar 6, 2012 at 5:58 AM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > On Mar 5, 2012, at 8:37 PM, Chuck Anderson wrote: > >> On Mon, Mar 05, 2012 at 08:35:11PM -0700, Chris Murphy wrote: >>> passwd keeps complaining "The password fails the dictionary check - >>> it is too simplistic" for fake words NOT in the dictionary but >>> otherwise too simple for passwd's approval system. >> >> I think you can just ignore passwd's warning in this case, it doesn't >> stop you from going ahead and using the simple password (unless >> something changed in F17). > > Aha. So if I use passwd with liveuser, it says after three tries: > passwd: Have exhausted maximum number of retries for service > > And does not change the passwd. But if I su to root, it still complains once, but does change the password after the Retype entry. > > NEVERTHELESS. It's idiotic babysitting. And stupid that I need root to do this mundane task. I wonder how many developer man hours were required for this functionality. UNIX didn't have these defaults originally; they were added in the 90's only after real-world experience has shown that these policies are necessary (and they have been pretty much unchanged for the last 10-15 years, AFAIK). Yes, we can fiddle with the tuning, but there's no way to make everybody happy all the time. root can always change the policy in /etc/pam.d/system-auth. (and FWIW, regarding the "hullop130" password, a quick grep shows that "hullo" is in the dictionary, and cracklib may have additional rules or ways to arrive at the password from a different dictionary word). Mirek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
