> There are two ways to do this: > > - the hard way, like Owl [1], which implements a password checking module > (pam_passwdqc, which was written by Solar Designer) and goes even > further by proposing random passwords if the user is unable to provide > one. > > - the simple way, see attached code, which just tries to flags vulnerable > passwords
I think this is an intersting suggestion. The only drawback I see is sounding a little bit annoying to our users, especially the less skilled ones but, well, this is about security and we have to use some pedagogy..:) About the implementation, I'm not sure that I'm fond of the perl scripting, mostly because the advantage of D-I is its easy "hackability" for testing purposes.... I'd better see this integrated in user-setup-ask but my opinion does not have to be the only one here....as I'm perfectly unable to do the job, so the final decision is up to the one doing the job, I mean you, Javier.. I prefer the "simple" method which is probably enough. This will require writing a new template for warning users about weak passwords. I suggest of course a boolean one, so that people who insist on using weak password can do it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
