On Fri, Sep 06, 2013 at 03:08:54PM +0200, Tomas Mraz wrote:
The other option would be to fix the gzip support in cracklib to
cache
the unpacked data somehow. However that would require to keep the
unpacked dictionary in RAM when cracklib is loaded, which is suboptimal
as well. Or we could make the cracklib-dicts optional somehow so it is
possible to install an ultra small cloud image without the dictionary at
all - I expect ultra small cloud image not needing password quality
checking at all.
Yes, that's
https://bugzilla.redhat.com/show_bug.cgi?id=865521 :)
"Optional somehow" is easy -- make "cracklib-dicts-full" and
"cracklib-dicts-small" and make them both provide "cracklib-dicts".
(The small could consist of some list of N most common passwords, plus
N most common words in N languages, where all of the Ns are chosen to keep
the filesize to 100k or so.)
Somewhat ironically, I bet we could compress that 100k without much of a
performance hit, too. :)
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm(a)fedoraproject.org>