Is anyone strongly bound to pam_cracklib? The reason I ask is that the prose and OVAL checks are currently written for pam_cracklib. pam_cracklib doesn't enforce complexity requirements on UID 0. pam_passwdqc can enforce password complexity requirements on root with the "enforce=everyone" option. Many requirement sets do not differentiate between privilege users and unprivileged users in the I&A sections. As a result I'd like to switch to passwdqc. Unless there is opposition we'll put together a patch to make the switch.
Thanks, --Spencer _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
