[CentOS] Fedora change that will probably affect RHEL

Tue Jul 28 23:17:55 UTC 2015
Chris Murphy <lists at colorremedies.com>

On Tue, Jul 28, 2015 at 4:34 PM, Warren Young <wyml at etr-usa.com> wrote:

> That’s only true if the majority of people will in fact override the default policy.

The current behavior in Fedora and CentOS lets you click Done twice
and bypass the weak password complaint.

>  But as I have repeatedly pointed out here, the stock rules really are not that onerous.  They basically encode best practices established 20 years ago.

In order to protect a system that's Internet facing with
challengeresponseauth (rather than PKA), the minimum password quality
would need to be at least initially onerous. Whereas if things are
properly configured such that ssh is only used internally, all you
have to worry about are internal attacks which are hopefully rather

Chris Murphy