Bug 853220

Summary:	LiveCD: Password QC policy on minimal install CD impedes use while providing no real security
Product:	Gentoo Linux	Reporter:	Jonathan Plews <pl3w5y>
Component:	Current packages	Assignee:	Gentoo Release Team <releng>
Status:	RESOLVED OBSOLETE
Severity:	minor	CC:	bkohler
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Jonathan Plews 2022-06-20 16:35:08 UTC

Hi,

In practical use the passwordcq settings on the liveCD do not seem appropriate - password complexity should be the choice of the user based on their situation.

on the liveCD, sshd is not enabled by default, and while it is modified to accept passwords for root, with that password being scrambled I don't see the benefit of forcing such complexity for a temporary system that will often also be in a safe network, or not up long enough for even weak passwords to be brute forced.

enforce=users would work, but in general I doesn't seem to make sense that the utility is installed on the livecd at all.

Comment 1 Ben Kohler gentoo-dev

2022-06-20 16:45:03 UTC

Can you tell us what livecd ISO you are using? We have disabled passwdqc on pambase last week for some of them, but not all.

Comment 2 Jonathan Plews 2022-06-21 09:02:33 UTC

Everything is good using install-amd64-minimal-20220619T170540Z, but I was using 20220605 and it was the same about 9 months ago - sorry for not testing with a fresh download, it looks like passwd= boot options is working again now too. Thanks :)