Project

General

Profile

Bug #10587

/etc/default/passwd seems outdates

Added by Hubert Garavel about 2 months ago. Updated 3 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2019-03-25
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

The settings of /etc/default/passwd need to be updated to face modern security challenges.

For instance,
PASSLENGTH=6
is much too weak. One should have at least
PASSLENGTH=10
or even
PASSLENGTH=12
as recommended in
https://www.networkworld.com/article/2726564/how-to-enforce-password-complexity-on-solaris.html

All the current definitions in /etc/default/passwd should be made strengthened
to make OpenIndiana secure by default.

History

#1

Updated by Michal Nowak 3 days ago

  • Project changed from OpenIndiana Distribution to illumos gate

This is illumos stuff. Perhaps illumos developers have thoughts in this area? Linux distributions did changes to password policies in last couple of years (e.g. Fedora refuses too simple passwords).

In general OpenIndiana does not diverge from illumos-gate.

Also available in: Atom PDF