[PC-BSD Testing] PC-BSD 8.2-RC1 Installation issues

LinuxBSDos.com finid at linuxbsdos.com
Wed Jan 12 13:15:07 PST 2011


> Should we enforce password lengths/"complexity"? I'm a fan of the UNIX
> model: Be stupid and expect stupid.

I think it makes plenty of sense to enforce password length. Complexity,
I'm not too worried about, but length, yes (don't let your mind stray from
the topic ;) )!

We should not make it easy for users, especially inexperienced ones, to
install loosely secured systems.

I have a system I installed yesterday where the root passwd is "r" and the
user password is "s." That's just as bad as auto-login.

I'm just happy that Kris has cleaned that bit up. That said, I think a
4-character minimum for user password is too low. Six to 8 should be
better.


> IIRC, SSH is disabled in PC-BSD so there shouldn't be too much worry if
> a user prefers 'password'.

I don't think that running a network service is the sole reason for
setting strong passwords. What about protecting physical access?

--
Fini Decima
http://LinuxBSDos.com


>
> Brodey
>
> On Wed, Jan 12, 2011 at 1:59 PM, Kris Moore <kris at pcbsd.org> wrote:
>> On 01/12/2011 03:25, LinuxBSDos.com wrote:
>>>
>>> I just started testing 8.2 RC 1, beginning naturally with the
>>> installer.
>>> You may read some of what I've found so far at
>>> http://linuxbsdos.com/forum/thread-85.html
>>>
>>> Thanks,
>>>
>>> --
>>> Fini Decima
>>> http://LinuxBSDos.com
>>>
>>
>> Read your postings. Here's what I've changed:
>>
>> * Enforced minimum password length of 6 characters for Disk Encryption
>> * Enforced minimum password length of 4 for root / user accounts
>>
>>
>> As for the other questions about needing a disk password, or additional
>> key files, that's how our geli implementation works right now. The
>> encryption scheme uses a key, which is kept in /boot/keys by default. A
>> password is optional at this point, and if used, then the encryption
>> becomes two-part.
>>
>> The reason we prompt if the user wants to use a password, is because in
>> some cases the user may only want a key file, which they will move to a
>> USB key post-install.
>>
>> Right now I don't feel the need to force Firefox on every user. Some
>> users may prefer Opera or Chromium and can install those via the
>> Software Manager post-install. That's mostly a preference thing though :)
>>
>> I'm going to check into the Opera License text, see what the deal is
>> there :)
>>



