Torvalds:requiring root password for mundane things is moronic

Miloslav Trma─Ź mitr at volny.cz
Wed Mar 7 13:29:24 UTC 2012


On Tue, Mar 6, 2012 at 5:58 AM, Chris Murphy <lists at colorremedies.com> wrote:
> On Mar 5, 2012, at 8:37 PM, Chuck Anderson wrote:
>
>> On Mon, Mar 05, 2012 at 08:35:11PM -0700, Chris Murphy wrote:
>>> passwd keeps complaining "The password fails the dictionary check -
>>> it is too simplistic" for fake words NOT in the dictionary but
>>> otherwise too simple for passwd's approval system.
>>
>> I think you can just ignore passwd's warning in this case, it doesn't
>> stop you from going ahead and using the simple password (unless
>> something changed in F17).
>
> Aha. So if I use passwd with liveuser, it says after three tries:
> passwd: Have exhausted maximum number of retries for service
>
> And does not change the passwd. But if I su to root, it still complains once, but does change the password after the Retype entry.
>
> NEVERTHELESS. It's idiotic babysitting. And stupid that I need root to do this mundane task. I wonder how many developer man hours were required for this functionality.

UNIX didn't have these defaults originally; they were added in the
90's only after real-world experience has shown that these policies
are necessary (and they have been pretty much unchanged for the last
10-15 years, AFAIK).  Yes, we can fiddle with the tuning, but there's
no way to make everybody happy all the time.  root can always change
the policy in /etc/pam.d/system-auth.

(and FWIW, regarding the "hullop130" password, a quick grep shows that
"hullo" is in the dictionary, and cracklib may have additional rules
or ways to arrive at the password from a different dictionary word).
   Mirek


More information about the devel mailing list