Heads up - Anaconda 22.17 will enforce 'good' passwords

Matthias Clasen mclasen at redhat.com
Mon Feb 2 02:53:05 UTC 2015

On Fri, 2015-01-30 at 14:03 -0800, Adam Williamson wrote:

> I think the main point is the one nirik made; I don't think the devs 
> agree with your assessment of how significant this is. It's a minor 
> inconvenience; you just have to come up with a password that passes 
> the check, or use a kickstart. So I don't think they agree that it 
> needs a full-blown security audit and FESCo review or whatever, 
> because they don't think it's really that huge of a change in 
> behaviour.

Having to come up with a password that passes the check is not 'a minor
inconvenience'. Given how capricious libpwquality is about scoring
(there have been some examples in this thread, there are more in
gnome-initial-setup bugs), it is next to impossible.

This discussion has been pretty heated, but I agree with there being
some aspect of 'collective punishment' here: just because _some_ systems
get installed with sshd enabled, all users who install the Workstation
have to spend a couple of frustrating minutes trying to find a password
that gets them past this hurdle.

If this change stays, I anticipate the Workstation WG asking for a way
to the workstation installer not enforce this. I know the anaconda folks
are not eager to add variations like this, but that is exactly what we
need: If you want to enforce product-specific policy in the installer,
it needs to be a product-specific installer.

More information about the test mailing list