Michael Catanzaro wrote:
> The status quo is that we are not in compliance with FESCo's policy
> [1], which clearly applies to all tools that change passwords and not
> just anaconda, but we can't change anything in GNOME until libpwquality
> stops blocking weak passwords via its PAM module, since we ultimately
> shell out to passwd to implement that (for auditability).
The right fix there is to just remove the libpwquality PAM module by
default. Enabling such a thing should only be done by the local system
administrator.
> But there is one more issue. FESCo's policy actually requires that only
> admin users (wheel users, including the initial user account) would be
> able to set weak passwords, and that unprivileged users should be
> blocked from doing so.
And I agree with Chris Murphy that that policy is utter nonsense.
Even if I want to set my password to the empty string, that is my choice. It
is a perfectly valid password for some use cases. (For what it's worth, I
actually use a non-empty password, but Anaconda considers even that "weak".
But I do not want to give more details here, and most definitely not the
password itself, for obvious reasons.)
Kevin Kofler
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
