Red Hat Bugzilla – Bug 432299
Password restritions on install should be relaxed
Last modified: 2008-06-12 08:40:23 EDT
Description of problem:
When installing RHEL/Fedora (or derivations), you are not permitted to enter
passwords of 0-5 characters in length. While I can understand the reason for
this, I also feel it shouldn't be forced as so. For example, when installing
in a virtual machine, there is no concern of anybody breaking into the VM
itself; choosing to use no password at all is a convenience I'm capable of
affording. My suggestion is instead to _warn_ users about insecure passwords
(much like you warn about erasing an entire disk), but still _allow_ such
passwords after a confirmation by the user.
Version-Release number of selected component (if applicable):
Used CentOS 5.1
Steps to Reproduce:
1. Install operating system
Blocked from using passwords of 0-5 characters in length.
At least warned about insecure passwords, but allow.
If you install every once and a while (like normal people :), and really feel
strongly about having a len(passwd) < 5, you can run `passwd` after
installation. I know, I know, its extra work, but its going to be extra work
anyway (pushing the "yes Im sure button" to continue install). I just think
that the trouble of writing "123123, passwd ; ENTER ; ENTER` is more or less the
same as pushing the "I am sure" button.
If you have a setup where you have to install a lot of boxes you can put the
passwd in the ks file and then run `passwd` in %post.
Moreover we are moving towards advising the user to have a "strong" passwd
instead of the normal "6 whatever character" one. The strong passwd is not
forced on the user, but is strongly suggested. What you suggest goes against
this policy and is not recomended
Additionally, think of the new users that just push next at the installation and
completely miss the warning. They, without knowing, are being exposed to bad
things happening in their systems.
Finally, IMO there are more negative things than positive in this approach. And
considering that there will be very little gain from this change I feel very
uncomfortable implementing this it