On Mon, Nov 25, 2019 at 10:27 PM Ben Cotton <bcot...@redhat.com> wrote:
> https://fedoraproject.org/wiki/Changes/DisallowEmptyPasswordsByDefault > > == Summary == > Remove ''nullok'' parameter from pam_unix module in default PAM > configuration in order to disallow authentication with empty password. > > == Owner == > * Name: [[User:pbrezina| Pavel Březina]] > * Email: <pbrez...@redhat.com> > > == Detailed Description == > > Current default configuration allows users to login with an empty > password by setting nullok parameter to pam_unix module. This affects > only logins to local machine, it does not affect ssh logins as this > must be explicitly allowed in sshd_config. We want to disallow empty > password by default for local logins as well to improve system > hardening. > It makes sense to implement this functionality so that users/admins can harden their systems in this way if they prefer. But I don't think it should be the default all across Fedora. Especially in desktop space, empty passwords make sense. I think the best approach would be to provide the functionality and then let individual spins/editions enable this by default if they want (e.g. the Security spin, or Server).
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
