FESCo Meeting Minutes (2015-03-04)
Miloslav Trmač
mitr at redhat.com
Sat Mar 7 00:40:21 UTC 2015
> Note that in upstream bug #735578 I have failed to build consensus on
> any form of password strength checking, let alone the strict checking
> that is done by libpwquality, so there is little chance at this point of
> GNOME upstream adhering to any policy you come up with. The status quo
> is that if libpwquality is in the PAM stack, as on Fedora, then
> gnome-initial-setup is broken, and we will probably change
> gnome-control-center to break as well (by not enforcing the password
> strength check that PAM will enforce).
(Ah, this is the mail I wanted to reply to, sorry. Just for the record, then:)
Consider a client enrolled in AD/IPA. Then password policies are much more important than for a local-only account, and we _need_ gnome-control-center (and gnome-initial-setup if it can be used to change passwords or create IPA accounts) to enforce them. Perhaps the Workstation default configuration of libpwquality should be fairly lax, I don’t know, I haven’t looked in to this. But inappropriate default configuration is not a sufficient reason not to have enforcement in there.
Mirek
More information about the devel
mailing list