F23 Self Contained Change: Standardized Passphrase Policy

Stef Walter stefw at redhat.com
Tue Jun 30 11:26:36 UTC 2015


On 26.06.2015 22:53, Kevin Fenzi wrote:
> On Fri, 26 Jun 2015 16:21:02 -0400
> Matthias Clasen <mclasen at redhat.com> wrote:
> 
>> But passwords and passphrases are not all the same shape or color -
>> the requirements for a password you want to use for ssh login over the
>> internet are quite different from ones for a shared account used by
>> all family members, or a passphrase that you use to protect your
>> diary in your home directory.
>>
>> How does a single common policy make sense for such wildly different
>> use cases?
>>
>> Your list of applications looks like you are really only interested in
>> passwords for local user accounts, though. If that is the case, please
>> make that clear in the description.
> 
> Side note: IMHO, we should remove and stop using the term
> 'password'. It evokes back to the early days of UNIX where you had to
> choose an 8 character or less 'word' to gain access to something. All
> our tools can and should use much longer phrases. 
> 
> And yes, you are right there's different needs for different things and
> I was focusing on local uses. (Local logins, luks, etc) I'll see if I
> can clarify the change page for that. Thanks.
> 
>> [...]
>>
>>> The applications involved in this change should be at least:
>>> * anaconda - sets initial root and user passphrases/passwords. 
>>> * passwd - command line utility that changes passphrases/passwords. 
>>> * initial-setup - sets up users if they were not set up in anaconda.
>>
>> You should add gnome-control-center to this list.
> 
> Good idea. Will do so. 

Cockpit too. We use pwscore from libpwquality, FWIW.

Stef


