registry team mailing list archive

Thread
Date

[Bug 619532] Re: Allow user to set preferred password

To: registry@xxxxxxxxxxxxxxxxxxx
From: Steve Langasek <steve.langasek@xxxxxxxxxxxxx>
Date: Wed, 18 Aug 2010 22:50:10 -0000
Reply-to: Bug 619532 <619532@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Has already been closed as invalid in Debian. :) explanation from that
closure message:

> If you set your password as root, as is done at install time, you can set
> as weak of a password as you want.  If you set it as a normal user, you are
> constrained by the password strength checking requirements that are in
> place.  This is not a bug, this is the intended behavior.

> You can disable these strength checks by removing the 'obscure' option to
> pam_unix in /etc/pam.d/common-password.

Ubuntu may wish to allow admin users to set weaker passwords, but that
should be implemented at a different level than in the pam package
(i.e., handled in the desktop account management tools).

Alternatively, the installer could invoke pam as the target user instead
of as root, in order to apply the same strength checks on initial
account creation as at later password changes, but that would seem to be
contrary to your goal of being allowed to set a weak password.

** Changed in: pam (Ubuntu)
       Status: Incomplete => Invalid

-- 
Allow user to set preferred password
https://bugs.launchpad.net/bugs/619532
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for NULL Project.