Is Cracklib really required in the OS image?

C. Scott Ananian cscott at laptop.org
Fri Jul 18 17:09:28 EDT 2008


On Fri, Jul 18, 2008 at 3:18 PM, Stephen John Smoogen <smooge at gmail.com> wrote:
> On Fri, Jul 18, 2008 at 1:13 PM, C. Scott Ananian <cscott at laptop.org> wrote:
>> On Fri, Jul 18, 2008 at 2:05 PM, Gary C Martin <gary at garycmartin.com> wrote:
>>> On 18 Jul 2008, at 18:24, Michael Stone wrote:
>>>> We'd like to kill it but haven't gotten to it yet. Please help if you
>>>> can! (Talk to dgilmore, dsd, and cscott for advice).
>>>
>>> Well other than weakly noting that the build logs seem to suggest PAM
>>> is currently pulling in Cracklib; and that some googling suggest that
>>> Cracklib is only an optional component of PAM; I might go as far as
>>> removing Crack lib from my B4 XO and see if it fries anything else in
>>> an obvious way (and post the results here).
>>
>> http://dev.laptop.org/ticket/7353
>> http://dev.laptop.org/ticket/5259
>>
>> Help appreciated!
>>  --scott
>>
>
> cracklib is used by pam_cracklib which comes into pam. It is in the
> general files /etc/pam.d/system-auth, /etc/pam.d/system-auth-ac. Does
> removing this impact the BitFrost specification?
>
> system-auth:password    requisite     pam_cracklib.so try_first_pass retry=3
> system-auth-ac:password    requisite     pam_cracklib.so try_first_pass retry=3

Bitfrost assumes that the kids are likely too young to set passwords.
It aims to provide good security w/o passwords.

Cracklib helps users chose "good" passwords *if they speak English*.
It is completely useless for non-English XOs.
 --scott

-- 
 ( http://cscott.net/ )


More information about the Devel mailing list