freedombone/src/freedombone-utils-passwords

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Password functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# If this file exists it contains a global password used with
# disk image installs. This simplifies password management for
# deployment at scale
IMAGE_PASSWORD_FILE=/root/login.txt

# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=10

# The default password length used in images
DEFAULT_PASSWORD_LENGTH=20

function enforce_good_passwords {
    # because humans are generally bad at choosing passwords
    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
        return
    fi
    apt-get -yq install libpam-cracklib

    sed -i 's/password.*requisite.*pam_cracklib.so.*/password        required                       pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
    mark_completed $FUNCNAME
}

function create_password {
    echo "$(openssl rand -base64 32 | cut -c1-${1})"
}

# NOTE: deliberately no exit 0