Re: allowing simpler passwords

To: dsb@smart.net
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: allowing simpler passwords
From: Nathan E Norman <finn@midco.net>
Date: Mon, 6 Sep 1999 18:22:30 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.10.9909061815260.13790-100000@volta.midco.net>
In-reply-to: <[🔎] m11N2jA-000cD9C@dsb>

On Fri, 3 Sep 1999, Daniel Barclay wrote:

 : > From: Nathan E Norman <finn@midco.net>
 : > 
 : > On Thu, 2 Sep 1999, Marc Mongeon wrote:
 : > 
 : >  : How do I disable the password-checking feature of passwd?  I'm willing
 : >  : to accept moderately complex passwords that passwd wants to throw
 : >  : out.  `man passwd` gives me nothing, and I'm not certain where else to
 : >  : look-- is this the doings of PAM?
 : 
 : > RTFM passwd.c; 
 :              ^^
 : (The source code is not the FM.)

Oh?  In this case I'd say it is :)  Read on ...

 : > passwd tries to prevent lusers from
 : > using crappy passwords.  This is generally accepted as a feature.
 : 
 : Features should be controllable by the system administrator.

Lucky for the system administrator, the code is sitting RIGHT THERE,
waiting to be controlled.

I don't know any serious admins who like non-robust passwords on there
servers, but YMMV.  You could be on to something on the home PC front,
however ...

Fortunately, you or anyone else who gets a lot of heartburn over this
"feature" could change the code to make the password check optional, and
perhaps submit a patch.

I'm disappointed that no-one responded to my first solution - running
`passwd' as root gives one the option of ignoring the strength check.
In my opinion, THIS is a non-feature (but I've taken my advice and fixed
it in the code).

 : >  : It is particularly annoying because it reminds me of the Windows design
 : >  : philosophy:  "I know better than you do what you're trying to do."
 : > 
 : > Windows lets you ignore passwords altogether and isn't really known as a
 : > secure OS ...
 : 
 : How does Windows' unsecurability diminish the undesirability of the
 : design philosophy mentioned above?

It doesn't.  Sorry I brought it up (oh, that's right - I was merely
responding to the original author's pseudo-flame regarding the behavior
of `passwd'.)  Nevertheless I concede that Windows sucking does not in
any way enhance Linux. 

HAND,

--
Nathan Norman
MidcoNet  410 South Phillips Avenue  Sioux Falls, SD
mailto:finn@midco.net           http://www.midco.net
finger finn@home.midco.net for PGP Key: (0xA33B86E9)

Reply to:

References:
- Re: allowing simpler passwords
  - From: Daniel Barclay <daniel@dsb.smart.net>

Prev by Date: Re: Logitech Trackman and imwheel?
Next by Date: Re: syslogd mail
Previous by thread: Re: allowing simpler passwords
Next by thread: #!/Perl question
Index(es):
- Date
- Thread