F23 Self Contained Change: Standardized Passphrase Policy
mclasen at redhat.com
Fri Jun 26 20:21:02 UTC 2015
On Tue, 2015-06-23 at 12:21 -0400, Jan Kurik wrote:
> = Proposed Self Contained Change: Standardized Passphrase Policy =
> Change owner(s):
> * Kevin Fenzi <kevin at scrye dot com>
> * David Cantrell <dcantrell at redhat dot com>
> * Tomas Mraz <tmraz at redhat dot com>
> Currently a number of places ask users to set passphrases/passwords.
> Some of them enforce some kind of rules for passphrases/passwords,
> others different rules. This change would create a common base policy
> for as many of these applications as possible, allowing for local
> users or products to override this base in cases they need to do so.
But passwords and passphrases are not all the same shape or color - the
requirements for a password you want to use for ssh login over the
internet are quite different from ones for a shared account used by all
family members, or a passphrase that you use to protect your diary in
your home directory.
How does a single common policy make sense for such wildly different
use cases?
Your list of applications looks like you are really only interested in
passwords for local user accounts, though. If that is the case, please
make that clear in the description.
> The applications involved in this change should be at least:
> * anaconda - sets initial root and user passphrases/passwords.
> * passwd - command line utility that changes passphrases/passwords.
> * initial-setup - sets up users if they were not set up in anaconda.
You should add gnome-control-center to this list.
> * libpwquality - doesn't set passwords, but should be used in common
> for quality checking in a consistent manner.
All of the applications that you are listing are already using
libpwquality, which has not really helped to move us to a consistent
user experience in this area. We should evaluate if libpwquality is
really suitable for what we need here.