I am not a developer but, > 6) Currently, CrackLib cannot be integrated into LFS using BLFS > instructions without adding Linux-PAM also.
Surely that is a reason for modifying a section of BLFS. > Even if you simply install the CrackLib package, Shadow would have > to be recompiled to use the now-installed CrackLib libraries and the > CRACKLIB_DICTPATH parameter modified in the /etc/login.defs file. The "Your distro, your rules" mantra seems to break horribly if you add-in Linux-PAM and CrackLib to LFS. How does someone who doesn't want it take it out. The more you add, the harder it becomes to make it "your distro". Furthermore, adding extra packages also plants the idea in the mind of the reader that things aren't "optional" to LFS. Are there going to be instructions explaining how to leave it out if "your distro" doesn't want/need it ? If there are, then does it really need to be in. One of the main features about LFS I have always found appealing is that there is so little that can be left out of the "chosen" packages, if ones wishes to do anything with the LFS systems other than test out the instructions in the book. Even the use of *more secure* MD5-sum passwords seems to be there as part of an "add-on" sed command applied after the shadow packages has been "installed" and that the savvy reader/installer can ignore if they wish or by comig to understand the process, add in later. It strikes me that CrackLib merely there to enforce a policy that an installer might wish to see in place, very much an aftermarket add-on then. > 7) See #1. LFS should attempt to provide readers with a stable > (which it already does) and *secure* system. Adding CrackLib is > a step in the right direction (one of the biggest things which > can be done) in securing the system. LFS already builds a fine stable system from which the reader/installer can take it anywhere they wish. If they want to secure it beyond where the LFS ends, then they can go beyond the LFS and make it more secure. If LFS is going to be *secure*, then personally I hope you guys get rid of most of the inetutils clients and stick "OpenSSL" and "OpenSSH" into LFS, and add "iptables" as well. Now, I doubt you will but I would be willing to guess that the reasons many of you would put up for not doing so, will probably be as equally valid a set of reasons for not adding CrackLib into LFS. Just my threepen'th. -- Regards, ---------------------------------------------------------------------- * Kevin M. Buckley e-mail: [EMAIL PROTECTED] * * * * Systems Administrator * * Computer Centre * * Lancaster University Voice: +44 (0) 1524 5 93718 * * LANCASTER. LA1 4YW Fax : +44 (0) 1524 5 25113 * * England. * * * * My PC runs Linux/GNU, you still computing the Bill Gate$' way ? * ---------------------------------------------------------------------- -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
