On Wed, February 4, 2015 17:55, Warren Young wrote:>
> But of course the same people fighting this move to more secure
> password minima are the same ones that turn off SELinux.
>
Ah. Sorry, NO.
First, we are not talking about a more secure password minima. We are
discussing an arbitrary change made to an installer program that
adversely impacts usability and that only has a tenuous connection to
security on a production system. A change which assumes that people
installing RHEL systems lack the competence to alter system account
passwords subsequent to installation.
Second, while I have serious concerns with the delusions respecting
security that this fascination with 'strong' passwords evidences I do
not turn off SELinux on any of my production servers. Excepting one
which to date I have been unable to get to run the critical
(third-party) application it hosts with SELinux switched on (short of
a custom module which effectively gives http access to the whole host
anyway). And that server is hardened against Internet access via
other means and only runs this one application.
You need to paint with a finer brush I think.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
