Heads up - Anaconda 22.17 will enforce 'good' passwords

Rick Stevens ricks at alldigital.com
Thu Feb 5 23:03:50 UTC 2015


On 02/05/2015 01:27 PM, Scott Robbins wrote:
> On Thu, Feb 05, 2015 at 12:53:45PM -0700, Chris Murphy wrote:
>> On Thu, Feb 5, 2015 at 10:36 AM, Brian C. Lane <bcl at redhat.com> wrote:
>>
>>> Next to impossible? Really? I've found it easy to come up with passwords
>>> that work.
>>
>> You think this is easy. Others don't. It's a condescending,
>> pointless, and unwinnable argument, and it needs to stop.
>
> You might also look at the CentOS list, which has a high percentage of
> people who, y'know, actually use this stuff to make a living.  You'll find
> that it's overwhelmingly against this.
>
>>> I don't find any of the arguments against the change to be compelling.
>
> Well, I don't find any of the arguments for a change, that will probably
> violate POLA (principle of least astonishment) at all compelling.  You're
> making the change, it is up to you to justify.
>
> This reminds me of the time when they wanted packagekit to allow any user
> to upgrade any package--even now, any user can upgrade any installed,
> signed package--and they were going to go through with it till it made the
> front page of slashdot.

I have to agree with Chris. I have absolutely no issue with the
installer _warning_ me that the password I chose is (in the INSTALLER's
opinion) weak. The installer should ABSOLUTELY NOT force me to use some
arbitrarily obscure password to satisfy its criteria.  I have very good
reasons for using the passwords I choose.

One example: We often have accounts that log in to collect data (e.g.
nagios or rancid) for monitoring purposes or config change deltas. If
the installer suddenly changes the password requirements, then the
existing systems all have to be changed to match, and the monitoring
software also has to be reconfigured. That is truly invasive. I manage
well over 400 systems spread around in three data centers and I have to
change everything because some self-righteous coder thinks my passwords
are inadequate?

All the installer should do is install a functional system. If
something comes up that may be odd, then fine, warn the user about it
but do what the user tells you to do. Leave it up to the system admins
to harden the system if they need to.

>>> We should be
>>> encouraging them to choose stronger passwords and we should remember
>>> that we're not the only people running Fedora.
>
> Yes, but most running Fedora aren't totally inexperienced.  Nor for that
> matter, are people running Mint or Ubuntu--most have at least some
> knowledge of computers, otherwise, they run Windows or OSX.

<soap>
Encouraging is one hell of a lot different than beating them over the
head and not letting them configure the system THE WAY THEY WANT IT
CONFIGURED!
</soap>
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-            "You think that's tough?  Try herding cats!"            -
----------------------------------------------------------------------

