---------- Forwarded Message ----------- From: "Néstor Amigo Cairo" <[EMAIL PROTECTED]> To: "Jim Kronebusch" <[EMAIL PROTECTED]> Sent: Wed, 12 Dec 2007 19:05:47 +0100 Subject: Re: Force Strong Passwords in Ubuntu
Yes, it should be a great idea, I was thinking about it yesterday, when I was using CentOS 4 (which has it), but I don't know why it's not included. Maybe it should be just tested and implemented, and put as an option, since there should be people not interested in. But it should have the option. And... Does the Server version implement it?? It definitely SHOULD. :-S 2007/12/12, Jim Kronebusch <[EMAIL PROTECTED]>: > > I have been working on changing things over to enforce strong > passwords. I could not > find anything built in and ready to go (running Edubuntu 7.04). I did see > in > /etc/pam.d/common-password that there were references to enable cracklib, > but this > doesn't seem the most feature rich. I did a lot of reading and found > passwdqc > (http://www.openwall.com/passwdqc/) to be a very good tool for doing > this. I have it > set up and it works great at terminal with the passwd command. However > the "About Me" > tool for users to change their information does not recognize the new > features. It > works as long as I choose a password that meets the criteria, but if I > don't the change > password dialog just freezes until I quit. So I am wondering if there are > any tricks to > get this to work (the terminal will give a dialog of what criteria needs > to be met, and > if that isn't met it will give you a decent idea of why your password > didn't meet it and > let you try again). Or maybe it is only configured to work with cracklib, > and that is > why I have trouble. > > If this isn't possible currently, it seems like this would be a very good > feature to > implement in the future, especially since Edubuntu with LTSP is a > server. A gui method > to enable strong password support and to configure options would be > great. But first > the ability to integrate this with the end user password change tools > would be very nice. > > For UDS in Boston I suggested focusing on Edubuntu as not only a desktop > project, but as > a high end, high load server. This is one feature that would be along > those lines as > strong passwords in a terminal server environment is a very good idea, > especially if > opened up for outside access with SCP and such. > > Thanks, > > Jim Kronebusch > Cotter Tech Department > 453-5188 > > > -- > This message has been scanned for viruses and > dangerous content by the Cotter Technology > Department, and is believed to be clean. > > > -- > edubuntu-devel mailing list > edubuntu-devel@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel > -- Néstor Amigo Cairo +34 687 96 74 81 [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by the Cotter Technology Department, and is believed to be clean. ------- End of Forwarded Message ------- Jim Kronebusch Cotter Tech Department 453-5188 -- This message has been scanned for viruses and dangerous content by the Cotter Technology Department, and is believed to be clean.
Yes, it should be a great idea, I was thinking about it yesterday, when I was using CentOS 4 (which has it), but I don't know why it's not included. Maybe it should be just tested and implemented, and put as an option, since there should be people not interested in. But it should have the option. <br>And...<br>Does the Server version implement it?? It definitely SHOULD. :-S<br><br><br><div><span class="gmail_quote">2007/12/12, Jim Kronebusch <<a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a>>:</span> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I have been working on changing things over to enforce strong passwords. I could not<br>find anything built in and ready to go (running Edubuntu 7.04). I did see in<br>/etc/pam.d/common-password that there were references to enable cracklib, but this<br>doesn't seem the most feature rich. I did a lot of reading and found passwdqc<br>(<a href="http://www.openwall.com/passwdqc/";> http://www.openwall.com/passwdqc/</a>) to be a very good tool for doing this. I have it<br>set up and it works great at terminal with the passwd command. However the "About Me"<br>tool for users to change their information does not recognize the new features. It <br>works as long as I choose a password that meets the criteria, but if I don't the change<br>password dialog just freezes until I quit. So I am wondering if there are any tricks to<br>get this to work (the terminal will give a dialog of what criteria needs to be met, and <br>if that isn't met it will give you a decent idea of why your password didn't meet it and<br>let you try again). Or maybe it is only configured to work with cracklib, and that is<br>why I have trouble.<br><br> If this isn't possible currently, it seems like this would be a very good feature to<br>implement in the future, especially since Edubuntu with LTSP is a server. A gui method<br>to enable strong password support and to configure options would be great. But first <br>the ability to integrate this with the end user password change tools would be very nice.<br><br>For UDS in Boston I suggested focusing on Edubuntu as not only a desktop project, but as<br>a high end, high load server. This is one feature that would be along those lines as <br>strong passwords in a terminal server environment is a very good idea, especially if<br>opened up for outside access with SCP and such.<br><br>Thanks,<br><br>Jim Kronebusch<br>Cotter Tech Department<br>453-5188<br><br> <br>--<br>This message has been scanned for viruses and<br>dangerous content by the Cotter Technology<br>Department, and is believed to be clean.<br><br><br>--<br>edubuntu-devel mailing list<br><a href="mailto:edubuntu-devel@lists.ubuntu.com"> edubuntu-devel@lists.ubuntu.com</a><br>Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel";>https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel</a><br></blockquote></div> <br><br clear="all"><br>-- <br>Néstor Amigo Cairo<br>+34 687 96 74 81<br><a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a> <br />-- <br />This message has been scanned for viruses and <br />dangerous content by the Cotter Tech Department and is <br />believed to be clean.
-- edubuntu-devel mailing list edubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
