On Wed, February 4, 2015 17:55, Warren Young wrote: > > But of course the same people fighting this move to more secure > password minima are the same ones that turn off SELinux. > Ah. Sorry, NO. First, we are not talking about a more secure password minima. We are discussing an arbitrary change made to an installer program that adversely impacts usability and that only has a tenuous connection to security on a production system. A change which assumes that people installing RHEL systems lack the competence to alter system account passwords subsequent to installation. Second, while I have serious concerns with the delusions respecting security that this fascination with 'strong' passwords evidences I do not turn off SELinux on any of my production servers. Excepting one which to date I have been unable to get to run the critical (third-party) application it hosts with SELinux switched on (short of a custom module which effectively gives http access to the whole host anyway). And that server is hardened against Internet access via other means and only runs this one application. You need to paint with a finer brush I think. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3