2017-12-11, 03:12
(2017-12-10, 23:25)Aux_ Wrote: Hi all,
I mean, the system can suggest that the password is weak.
But it should leave the choice to the owner - is called democracy
At the end of the day this is a consumer system and we have to consider the interests of the average user - sadly they're not all as savvy as you!
Also bear in mind that if the user enters a blank root password (which passwd would allow by default, for the root user) then the user will lock themselves out of the system because sshd by default does NOT allow a blank password, so the problem simply moves up the food chain - we'd need to alter the security profile of sshd for the handful of users that might want to enter a blank root password etc. Modifying passwd to prevent the root user from blowing their legs off really is the best option!
Besides, allowing weak/no passwords is something that an extreme minority might actually want, but don't forget we're debating a password that nobody has been able to change for the past 6+ years and not being able to use a blank or weak password is now an issue!