[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Sat, 23 Jun 2007 20:22:19 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: owl-users@...ts.openwall.com
Subject: Re: pam_passwdqc and history
* Solar Designer <solar@...nwall.com> [2007-06-24 05:39:39 +0400]:
>Vincent - thank you for asking this question on owl-users rather than
>via private e-mail to me (like some others did).
You're welcome. I wanted a "public" answer since I wanted to forward
whatever I got back to the Mandriva guys. =)
I think it's also something that might be useful to see via mailing list
archives and such.
BTW, very good answer and made me think of some things I hadn't thought
of before. I'm in complete agreement with you.
Of course, that doesn't stop legislaters from specifying they want or
need something like this, so if something like this were to make it's
way into pam_passwdqc (as, from my understanding, pam_cracklib is what
would be doing this, not pam_unix), I think it might make it more
palatable to some people (with the appropriate warnings/compile-time
disablers, etc.).
Thanks for the answer. I've forwarded it off to the Mandriva
maintainers. If nothing else, I'd like to get pam_passwdqc to replace
pam_cracklib there (not sure if I can pull off getting them to use tcb,
but we'll see).
--
Vincent Danen @ http://linsec.ca/
[ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux