[security-discuss] Password strength indicator (Was Re: [install-discuss] Comments on mockup...)
James Carlson
james.d.carlson at sun.com
Wed Jul 19 04:16:29 PDT 2006
Gary Winiger writes:
> Hummm, does the installer now use PAM here? I don't recall.
> It used to use a private implementation of "unix" crypt. I
> believe it now at least uses crypt(3C). In terms of password
> strength, it might be nice to have the installer ask about parameters
> as well as algorithm, then sites could choose and not have to
> configure post CD install. For jumpstart, it probably doesn't
> matter.
No more baffling three-headed-dog install questions, please. If we've
got a best practice for algorithms (sha256?), then make that the
default, and require the use of some sort of "expert mode" to allow
bit-fiddling.
--
James Carlson, KISS Network <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
More information about the install-discuss
mailing list