Is Cracklib really required in the OS image?
C. Scott Ananian
cscott at laptop.org
Fri Jul 18 17:09:28 EDT 2008
On Fri, Jul 18, 2008 at 3:18 PM, Stephen John Smoogen <smooge at gmail.com> wrote:
> On Fri, Jul 18, 2008 at 1:13 PM, C. Scott Ananian <cscott at laptop.org> wrote:
>> On Fri, Jul 18, 2008 at 2:05 PM, Gary C Martin <gary at garycmartin.com> wrote:
>>> On 18 Jul 2008, at 18:24, Michael Stone wrote:
>>>> We'd like to kill it but haven't gotten to it yet. Please help if you
>>>> can! (Talk to dgilmore, dsd, and cscott for advice).
>>> Well other than weakly noting that the build logs seem to suggest PAM
>>> is currently pulling in Cracklib; and that some googling suggest that
>>> Cracklib is only an optional component of PAM; I might go as far as
>>> removing Crack lib from my B4 XO and see if it fries anything else in
>>> an obvious way (and post the results here).
>> Help appreciated!
> cracklib is used by pam_cracklib which comes into pam. It is in the
> general files /etc/pam.d/system-auth, /etc/pam.d/system-auth-ac. Does
> removing this impact the BitFrost specification?
> system-auth:password requisite pam_cracklib.so try_first_pass retry=3
> system-auth-ac:password requisite pam_cracklib.so try_first_pass retry=3
Bitfrost assumes that the kids are likely too young to set passwords.
It aims to provide good security w/o passwords.
Cracklib helps users chose "good" passwords *if they speak English*.
It is completely useless for non-English XOs.
( http://cscott.net/ )
More information about the Devel