Shadow/CrackLib - A compromise?

Jim Gifford lfs at
Sun Aug 7 22:46:56 PDT 2005

The point is it's not needed, it's in BLFS where it belongs.

I remember you getting upset when we had OpenSSL and OpenSSH in the 
cross-lfs book for MIPS architectures, saying it was not needed, and I 
made it so it wasn't needed.

If your going to add Cracklib to the notes, you might as well add it to 
the book, while your add it add iptables and Berkeley DB they are useful 
to a system..

The bottom line is the only use for Cracklib in shadow is to make sure 
someone doesn't use a password that's in the installed dictionary. If 
you want to add better security for user logons, you need to use a 
combination of LDAP and Kerberos.

I just don't see any reason for all this hype for a way to check what a 
user uses for a password.

jim at
lfs at

LFS User # 2577
Registered Linux User # 299986

More information about the lfs-dev mailing list