Hi, On Sun, 29.05.2005 at 02:13:54 +0200, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> wrote: > On Tue, May 24, 2005 at 07:58:28AM +0200, Christian Perrier wrote: > > > by you, not me. It still has min/max to 4/8 and nullok on, in > > > common-password, which I definitely don't consider to be safe. > > It's up to you to convince the maintainer of libpam-runtime. So far, > > Sam appeared to me as quite wise, so these choices haven't probably be > > made without thinking.
imho there's only one reason for this, namely, to cater for legacy installations who don't use MD5 passwords. I guess (or rather hope) that this has become to be a dwindling minority case in the last few years. At least I'm not aware of any "modern" system that can't handle MD5 passwords, and I also think that MD5 passwords should be the default for any new installations. > There's no reason why passwords should be limited to 8 characteres > _specially_ if you are using MD5 (and not crypt) to store passwords which > allows for a much higher password length. ACK, and on our systems, about the first thing I do is upping the limits on password sizes. Best, --Toni++ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]