853220 – LiveCD: Password QC policy on minimal install CD impedes use while providing no real security

Bug 853220 - LiveCD: Password QC policy on minimal install CD impedes use while providing no real security

Summary: LiveCD: Password QC policy on minimal install CD impedes use while providing ...

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Release Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-06-20 16:35 UTC by Jonathan Plews
Modified:	2022-06-21 09:02 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jonathan Plews 2022-06-20 16:35:08 UTC

Hi,

In practical use the passwordcq settings on the liveCD do not seem appropriate - password complexity should be the choice of the user based on their situation.

on the liveCD, sshd is not enabled by default, and while it is modified to accept passwords for root, with that password being scrambled I don't see the benefit of forcing such complexity for a temporary system that will often also be in a safe network, or not up long enough for even weak passwords to be brute forced.

enforce=users would work, but in general I doesn't seem to make sense that the utility is installed on the livecd at all.

Comment 1 Ben Kohler gentoo-dev

2022-06-20 16:45:03 UTC

Can you tell us what livecd ISO you are using? We have disabled passwdqc on pambase last week for some of them, but not all.

Comment 2 Jonathan Plews 2022-06-21 09:02:33 UTC

Everything is good using install-amd64-minimal-20220619T170540Z, but I was using 20220605 and it was the same about 9 months ago - sorry for not testing with a fresh download, it looks like passwd= boot options is working again now too. Thanks :)