From 67dd6aca5672f709260058e074d4066472d6e8ab Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Mon, 29 Sep 2014 12:03:00 +0100
Subject: [PATCH] Enforce good passwords

---
 install-freedombone.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/install-freedombone.sh b/install-freedombone.sh
index 5b85549e..8a3fd546 100755
--- a/install-freedombone.sh
+++ b/install-freedombone.sh
@@ -317,6 +317,17 @@ function remove_default_user {
   fi
 }
 
+function enforce_good_passwords {
+  # because humans are generally bad at choosing passwords
+  if grep -Fxq "enforce_good_passwords" $COMPLETION_FILE; then
+      return
+  fi
+  apt-get -y --force-yes install libpam-cracklib
+
+  sed -i 's/password	requisite			pam_deny.so/password    requisite   pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username/g' /etc/pam.d/common-password
+  echo 'enforce_good_passwords' >> $COMPLETION_FILE
+}
+
 function change_login_message {
   if grep -Fxq "change_login_message" $COMPLETION_FILE; then
       return
@@ -3414,6 +3425,7 @@ change_debian_repos
 enable_backports
 configure_dns
 initial_setup
+enforce_good_passwords
 install_editor
 change_login_message
 update_the_kernel