also sprach FEJES Jozsef <[email protected]> [2010.01.09.2358 +1300]: > Manually editing /etc/pam.d/common-password is not the perfect > solution. If pam_unix is the only password profile selected, then > use_authtok is not specified for it (/usr/share/pam-configs/unix > only specifies that option if it's not the initial module). So if > I want to make passwdqc work without pam-auth-update, then I first > have to add it to the beginning of common-password and then I have > to modify the pam-auth-update reserved area to add use_authtok to > pam_unix which is quite ugly, compared to how simple it would be > to provide a pam-auth-update profile for passwdqc.
The whole point of pam-auth-update is to finally provide a solution that works. And Steve did a great job. Please use it instead of trying to work around the problems it already solves. > About the contents of that pam-config file. I think that no > configuration should be specified at all, given how passwdqc is > security-related, it comes with sensible (if not overly secure) > defaults. This sounds fine to me. > So I think that an option-less, debconf-question-less pam-config > for passwdqc would just work fine and it would increase usability > of this package for average users a lot. If by that you mean that it should support pam-auth-update without any option, then we agree. Unfortunately, debconf will pop up and ask the user whether to use the module once it's installed. That's as usable as it can get though, isn't it? -- .''`. martin f. krafft <[email protected]> Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck http://vcs-pkg.org `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
