[PC-BSD Testing] PC-BSD 8.2-RC1 Installation issues

Arthur Koziol A-Koziol at neiu.edu
Wed Jan 12 13:35:20 PST 2011


On 01/12/2011 3:33 PM, Lars Engels wrote:
> On Wed, Jan 12, 2011 at 04:30:38PM -0500, Kris Moore wrote:
>    
>> On 01/12/2011 16:15, LinuxBSDos.com wrote:
>>      
>>>        
>>>> Should we enforce password lengths/"complexity"? I'm a fan of the UNIX
>>>> model: Be stupid and expect stupid.
>>>>          
>>> I think it makes plenty of sense to enforce password length. Complexity,
>>> I'm not too worried about, but length, yes (don't let you mind stray from
>>> the topic ;) )!
>>>
>>> We should not make it easy for users, especially inexperienced ones, to
>>> install loosely secured systems.
>>>
>>> I have a system I installed yesterday where the root passwd is "r" and the
>>> user password is "s." That's just as bad as auto-login.
>>>
>>> I'm just happy that Kris has cleaned that bit up. That said, I think a
>>> 4-character minimum for user password is to0 low. Six to 8 should be
>>> better.
>>>
>>>
>>>        
>> Well, I made the user/root passwords a bit less strict, since a common
>> one for virtual-machines is "pcbsd" :)
>>
>>      
>>>> IIRC, SSH is disabled in PC-BSD so there shouldn't be too much worry if
>>>>          
>>> a>  user prefers 'password'.
>>>
>>> I don't think that running a network service is the sole reason for
>>> setting strong passwords. What about protecting physical access?
>>>
>>>        
>> In the case of disk-encryption, yes you want a better password. But when
>> it comes to physical access, just reboot and go to single user,
>> insta-root. (Why i use encryption on my disks now)
>>      
> In /etc/ttys change
> console none                            unknown off secure
> to
> console none                            unknown off insecure
>
> to ask for the root password before entering single user mode.
>    
WIN!


More information about the Testing mailing list