On Fri, 26 Jun 2015 16:21:02 -0400 Matthias Clasen <mclasen@xxxxxxxxxx> wrote: > But passwords and passphrases are not all the same shape or color - > the requirements for a password you want to use for ssh login over the > internet are quite different from ones for a shared account used by > all family members, or a passphrase that you use to protect your > diary in your home directory. > > How does a single common policy make sense for such wildly different > use cases ? > > Your list of applications looks like you are really only interested in > passwords for local user accounts, though. If that is the case, please > make that clear in the description. Side note: IMHO, we should remove and stop using the term 'password'. It evokes back to the early days of UNIX where you had to choose a 8 character or less 'word' to gain access to something. All our tools can and should use much longer phrases. And yes, you are right there's different needs for different things and I was focusing on local uses. (Local logins, luks, etc) I'll see if I can clarify the change page for that. thanks. > [...] > > > The applications involved in this change should be at least: > > * anaconda - sets initial root and user passphrases/passwords. > > * passwd - command line utility that changes passphrases/passwords. > > * initial-setup - sets up users if they were not setup in anaconda. > > You should add gnome-control-center to this list. Good idea. Will do so. > > * libpwquality - doesn't set passwords, but should be used in > > common for quality checking in a consistent manner. > > All of the applications that you are listing are already using > libpwquality, which has not really helped to move us to a consistent > user experience in this area. We should evaluate if libpwquality is > really suitable for what we need here. Well, I think there's some confusion on how to actually "use" libpwquality. There are basically no docs and I think it's being used different ways in different cases. But yes, if it doesn't meet needs we could look at alternatives. I am hopeful we can better use it or adjust it and keep using it, but we will see. kevin
Attachment:
pgph3KMQPIige.pgp
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
