Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-23 Thread Rafał Miłecki
On 17 February 2017 at 11:42, danrl wrote: > We are trying to make passwords on LEDE a tiny bit more secure by refusing > weak or short (read: less than 6 characters) passwords. > > Please see related discussion over here, where the inconsistencies were > discovered: > https://github.com/openwrt

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Dan Lüdtke
What the... This discussion has become a bit out of hand! My goal was to have consistency at LuCI and CLI. I see how enforcing passwords of a particular kind, as well as enforcing passwords at all, is not an engineering decision. I have no problem with this patch being rejected. So, since we de

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Eric Luehrsen
y. - Eric Original message From: David Lang Date: 2/17/17 07:52 (GMT-05:00) To: Alberto Bursi Cc: lede-dev@lists.infradead.org Subject: Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords On Fri, 17 Feb 2017, Alberto B

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread David Lang
On Fri, 17 Feb 2017, Alberto Bursi wrote: On 02/17/2017 12:52 PM, David Lang wrote: On Fri, 17 Feb 2017, Alberto Bursi wrote: And having no password is a much bigger change than having a short password when you are testing things. It makes a lot of sense to be exercising the password routine

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Petr Štetiar
Alberto Bursi [2017-02-17 12:08:03]:

> Btw, for console access (serial or TTL or whatever) there is no login
> even if you have set a password afaik.

BTW, it's a config option, you can enable it:

$ uci set system.@system[0].ttylogin='1'

-- ynezz

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Alberto Bursi
On 02/17/2017 12:52 PM, David Lang wrote: > On Fri, 17 Feb 2017, Alberto Bursi wrote: > > And having no password is a much bigger change than having a short > password when you are testing things. It makes a lot of sense to be > exercising the password routine when doing tests, and very little >

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Alberto Bursi
On 02/17/2017 12:51 PM, John Crispin wrote:

> regardless of you liking my use case or not its still a NAK
>
> John

Who cares, really. I just posted my opinion.

-Alberto

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread John Crispin
On 17/02/2017 12:35, Alberto Bursi wrote: > > > On 02/17/2017 12:26 PM, John Crispin wrote: >> >> >> On 17/02/2017 12:16, Dan Lüdtke wrote: >>> Hi David, >>> >>> thanks for the fast response! >>> On 17 Feb 2017, at 11:54, David Lang wrote: But deciding that you know better than the a

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread David Lang
On Fri, 17 Feb 2017, Alberto Bursi wrote: On 02/17/2017 12:26 PM, John Crispin wrote: On 17/02/2017 12:16, Dan Lüdtke wrote: Hi David, thanks for the fast response! On 17 Feb 2017, at 11:54, David Lang wrote: But deciding that you know better than the admin of the system is not. Not th

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Hannu Nyman
On 17.2.2017 12.42, danrl wrote: We are trying to make passwords on LEDE a tiny bit more secure by refusing weak or short (read: less than 6 characters) passwords. Please see related discussion over here, where the inconsistencies were discovered: https://github.com/openwrt/luci/pull/878 Not

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread David Lang
On Fri, 17 Feb 2017, Dan Lüdtke wrote: Hi David, thanks for the fast response! On 17 Feb 2017, at 11:54, David Lang wrote: But deciding that you know better than the admin of the system is not. Not that I am a fan of telling admins what to do, but do you see any chance that we can get an

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Alberto Bursi
On 02/17/2017 12:26 PM, John Crispin wrote: > > > On 17/02/2017 12:16, Dan Lüdtke wrote: >> Hi David, >> >> thanks for the fast response! >> >>> On 17 Feb 2017, at 11:54, David Lang wrote: >>> But deciding that you know better than the admin of the system is not. >> >> Not that I am a fan of tel

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread John Crispin
On 17/02/2017 12:16, Dan Lüdtke wrote: > Hi David, > > thanks for the fast response! > >> On 17 Feb 2017, at 11:54, David Lang wrote: >> But deciding that you know better than the admin of the system is not. > > Not that I am a fan of telling admins what to do, but do you see any chance > th

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread Dan Lüdtke
Hi David, thanks for the fast response! > On 17 Feb 2017, at 11:54, David Lang wrote: > But deciding that you know better than the admin of the system is not. Not that I am a fan of telling admins what to do, but do you see any chance that we can get a consistent and enforceable approach to

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread David Lang
On Fri, 17 Feb 2017, danrl wrote: Date: Fri, 17 Feb 2017 11:42:14 +0100 From: danrl To: lede-dev@lists.infradead.org Cc: Dan Luedtke Subject: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords Hi devs, We are trying to make passwords on LEDE a tiny bit more secure by refusing

[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread danrl
This patches the busybox passwd source so that even root is not allowed to set a weak (too short) password. This enables us to define a minimum password length that is consistent over graphical interfaces (e.g. LuCI) and CLI. Signed-off-by: Dan Luedtke --- .../utils/busybox/patches/900-prevent-w

[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

2017-02-17 Thread danrl
Hi devs, We are trying to make passwords on LEDE a tiny bit more secure by refusing weak or short (read: less than 6 characters) passwords. Please see related discussion over here, where the inconsistencies were discovered: https://github.com/openwrt/luci/pull/878 Here is what the patch change