passphrase quality
Steve VanDevender
stevev at darkwing.uoregon.edu
Sat Nov 17 09:36:21 EST 2001
Darren Moffat writes:
> >No. ssh-keygen should never be pamified. It is worthless to do so.
> >
> >If we are going to enforce passphrase quality it should be for all OSes.
> >The world does not revolve around Linux. No matter what the press may
> >think.
>
> The Linux community didn't invent PAM, Sun did. Many more systems
> than Linux have PAM: Solaris, HP-UX, some BSDs for a start.
>
> Having said that I agree with the comment ssh-keygen shouldn't be pamified,
> what you might want to do though is follow the pam model and have a
> pluggable set of rules that guide a user into choosing a good passphrase.
It occurs to me that hooking cracklib into ssh-keygen might be a more
generically useful approach, as it could be done even on systems that
don't have PAM and cracklib seems to be reasonably portable and flexible.
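
The following is an added example, not part of the original message and not OpenSSH code: a sketch of the pluggable rule table discussed in the thread, with cracklib's `FascistCheck()` as one optional rule. All function names, the thresholds, and the `HAVE_CRACKLIB` and `CRACKLIB_DICT` build macros are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef HAVE_CRACKLIB   /* hypothetical build flag */
#include <crack.h>     /* cracklib: FascistCheck() */
#endif
/* A rule returns NULL when the passphrase passes, else a reason. */
typedef const char *(*pp_rule)(const char *pp);

static const char *rule_length(const char *pp) {  /* 12 is an assumed minimum */
    return strlen(pp) >= 12 ? NULL : "shorter than 12 characters";
}
static const char *rule_classes(const char *pp) {
    int lo = 0, up = 0, di = 0, ot = 0;
    for (const unsigned char *p = (const unsigned char *)pp; *p; p++) {
        if (islower(*p)) lo = 1; else if (isupper(*p)) up = 1;
        else if (isdigit(*p)) di = 1; else ot = 1;
    }
    return lo + up + di + ot >= 2 ? NULL : "only one character class";
}
static const char *rule_distinct(const char *pp) {
    unsigned char seen[256] = {0};
    int n = 0;
    for (const unsigned char *p = (const unsigned char *)pp; *p; p++)
        if (!seen[*p]) { seen[*p] = 1; n++; }
    return n >= 6 ? NULL : "fewer than 6 distinct characters";
}
#ifdef HAVE_CRACKLIB
static const char *rule_cracklib(const char *pp) {
    return FascistCheck(pp, CRACKLIB_DICT); /* dict path: build-time macro */
}
#endif
/* The pluggable part: adding or removing a rule is one table entry. */
static const pp_rule rules[] = {
    rule_length, rule_classes, rule_distinct,
#ifdef HAVE_CRACKLIB
    rule_cracklib,
#endif
};
const char *passphrase_check(const char *pp) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const char *why = rules[i](pp);
        if (why) return why;   /* first failing rule explains the rejection */
    }
    return NULL;
}
int main(void) {   /* constructed sample input */
    const char *why = passphrase_check("abababababab1");
    return puts(why ? why : "ok") == EOF;
}
```

Built without `HAVE_CRACKLIB`, the table works on systems that have neither PAM nor cracklib; with it, the dictionary check runs last, after the cheap structural rules.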