Is Cracklib really required in the OS image?

C. Scott Ananian cscott at
Fri Jul 18 17:09:28 EDT 2008

On Fri, Jul 18, 2008 at 3:18 PM, Stephen John Smoogen <smooge at> wrote:
> On Fri, Jul 18, 2008 at 1:13 PM, C. Scott Ananian <cscott at> wrote:
>> On Fri, Jul 18, 2008 at 2:05 PM, Gary C Martin <gary at> wrote:
>>> On 18 Jul 2008, at 18:24, Michael Stone wrote:
>>>> We'd like to kill it but haven't gotten to it yet. Please help if you
>>>> can! (Talk to dgilmore, dsd, and cscott for advice).
>>> Well other than weakly noting that the build logs seem to suggest PAM
>>> is currently pulling in Cracklib; and that some googling suggest that
>>> Cracklib is only an optional component of PAM; I might go as far as
>>> removing Crack lib from my B4 XO and see if it fries anything else in
>>> an obvious way (and post the results here).
>> Help appreciated!
>>  --scott
> cracklib is used by pam_cracklib which comes into pam. It is in the
> general files /etc/pam.d/system-auth, /etc/pam.d/system-auth-ac. Does
> removing this impact the BitFrost specification?
> system-auth:password    requisite try_first_pass retry=3
> system-auth-ac:password    requisite try_first_pass retry=3

Bitfrost assumes that the kids are likely too young to set passwords.
It aims to provide good security w/o passwords.

Cracklib helps users chose "good" passwords *if they speak English*.
It is completely useless for non-English XOs.

 ( )

More information about the Devel mailing list