Re: cracklib password check

[Chris Hamilton <chris@ambigc.com>]

PAM was put in ROCK a couple of year ago, it is of course optional, but 
that is the nature of ROCK.  It didn't have it mostly due to complexity 
issues because it was hard to make things optional back then.

Keith Matthews wrote:

>On Tue, 5 Apr 2005 10:24:30 -0700
>"Henry B. Hotz" <hotz@jpl.nasa.gov> wrote:
>
>  
>
>>On Apr 4, 2005, at 11:49 PM, Chris Hamilton wrote:
>>
>>    
>>
>>>Well I am curious if this work is of some real use.  If there is a  
>>>better a place to run checks instead of directly against the KDC,
>>>then  I'll not bother.  Most Unix-likes have PAM, so I figure that
>>>is where  most people would place checks(otherwise, why wouldn't
>>>someone have  done this earlier?) in that environment.
>>>      
>>>
>>Linux IMO over-uses PAM, but a password management entry is standard. 
>> 
>>
>>    
>>
>
>Correction - some Linux distros over-use PAM, some refuse to use it at
>all (Slackware and Rock being examples that come immediately to mind).
>
>Pat V's reasons for not using it are reported as a combination of
>disliking the complexity it introduces and a dislike of it's somewhat
>spotty security history.
>
>  
>