On Tue, 2015-06-23 at 12:21 -0400, Jan Kurik wrote:
= Proposed Self Contained Change: Standardized Passphrase Policy = https://fedoraproject.org/wiki/Changes/Standardized_passphrase_policy
Change owner(s):
- Kevin Fenzi <kevin at scrye dot com>
- David Cantrell <dcantrell at redhat dot com>
- Tomas Mraz <tmraz at redhat dot com>
Currently a number of places ask users to set passphrases/passwords. Some of them enforce some kind of rules for passphrases/passwords, others different rules. This change would create a common base policy for as many of these applications as possible, allowing for local users or products to override this base in cases they need to do so.
But passwords and passphrases are not all the same shape or color - the requirements for a password you want to use for ssh login over the internet are quite different from ones for a shared account used by all family members, or a passphrase that you use to protect your diary in your home directory.
How does a single common policy make sense for such wildly different use cases ?
Your list of applications looks like you are really only interested in passwords for local user accounts, though. If that is the case, please make that clear in the description.
[...]
The applications involved in this change should be at least:
- anaconda - sets initial root and user passphrases/passwords.
- passwd - command line utility that changes passphrases/passwords.
- initial-setup - sets up users if they were not setup in anaconda.
You should add gnome-control-center to this list.
- libpwquality - doesn't set passwords, but should be used in common
for quality checking in a consistent manner.
All of the applications that you are listing are already using libpwquality, which has not really helped to move us to a consistent user experience in this area. We should evaluate if libpwquality is really suitable for what we need here.