432299 – Password restritions on install should be relaxed

Bug 432299 - Password restritions on install should be relaxed

Summary: Password restritions on install should be relaxed

Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	anaconda
Sub Component:
Version:	5.1
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Anaconda Maintenance Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-02-11 02:57 UTC by Mike Swanson
Modified:	2008-06-12 12:40 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2008-06-12 12:40:23 UTC
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Mike Swanson 2008-02-11 02:57:02 UTC

Description of problem:
When installing RHEL/Fedora (or derivations), you are not permitted to enter 
passwords of 0-5 characters in length.  While I can understand the reason for 
this, I also feel it shouldn't be forced as so.  For example, when installing 
in a virtual machine, there is no concern of anybody breaking into the VM 
itself; choosing to use no password at all is a convenience I'm capable of 
affording.  My suggestion is instead to _warn_ users about insecure passwords 
(much like you warn about erasing an entire disk), but still _allow_ such 
passwords after a confirmation by the user.

Version-Release number of selected component (if applicable):
Used CentOS 5.1

How reproducible:
100%

Steps to Reproduce:
1. Install operating system
  
Actual results:
Blocked from using passwords of 0-5 characters in length.

Expected results:
At least warned about insecure passwords, but allow.

Additional info:

Comment 1 Joel Andres Granados 2008-04-18 15:32:50 UTC

If you install every once and a while (like normal people :), and really feel
strongly about having a len(passwd) < 5, you can run `passwd` after
installation.  I know, I know, its extra work, but its going to be extra work
anyway (pushing the "yes Im sure button" to continue install).  I just think
that the trouble of writing "123123, passwd ; ENTER ; ENTER` is more or less the
same as pushing the "I am sure" button.

If you have a setup where you have to install a lot of boxes you can put the
passwd in the ks file and then run `passwd` in %post.

Moreover we are moving towards advising the user to have a "strong" passwd
instead of the normal "6 whatever character" one.  The strong passwd is not
forced on the user, but is strongly suggested.  What you suggest goes against
this policy and is not recomended

Additionally, think of the new users that just push next at the installation and
completely miss the warning.  They, without knowing, are being exposed to bad
things happening in their systems.

Finally, IMO there are more negative things than positive in this approach.  And
considering that there will be very little gain from this change I feel very
uncomfortable implementing this it

Note You need to log in before you can comment on or make changes to this bug.