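#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Password functions
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# If this file exists it contains a global password used with
# disk image installs. This simplifies password management for
# deployment at scale
# NOTE(review): this is a plaintext credential shared by every install made
# from the image; the code that writes it is not in this file, so confirm it
# is created root-only (mode 0600) and removed or rotated after provisioning.
IMAGE_PASSWORD_FILE=/root/login.txt

# Minimum number of characters in a password
MINIMUM_PASSWORD_LENGTH=10

# The default password length used in images
DEFAULT_PASSWORD_LENGTH=20

# Installs pam_cracklib and tightens the password quality rule in
# /etc/pam.d/common-password.
#
# Globals:   MINIMUM_PASSWORD_LENGTH (read; used for minlen, falls back to 10)
# Arguments: none
# Returns:   0 when already completed or when the rule was applied,
#            1 when the package install fails, the minimum length is not
#            numeric, or the expected rule is absent afterwards
#
# is_completed / mark_completed are defined elsewhere in the project.
function enforce_good_passwords {
    # because humans are generally bad at choosing passwords
    if [[ "$(is_completed "${FUNCNAME[0]}")" == "1" ]]; then
        return
    fi

    local pam_file=/etc/pam.d/common-password
    local min_len="${MINIMUM_PASSWORD_LENGTH:-10}"

    # The value is spliced into a sed expression, so only digits are accepted.
    if ! [[ "$min_len" =~ ^[0-9]+$ ]]; then
        echo "enforce_good_passwords: MINIMUM_PASSWORD_LENGTH is not numeric" >&2
        return 1
    fi

    # NOTE(review): libpam-cracklib is no longer packaged in recent Debian
    # releases (pam_pwquality is its successor) - confirm against the target
    # release.
    if ! apt-get -yq install libpam-cracklib; then
        # Without the module there is no line for sed to rewrite; stop here so
        # the step is not recorded as done while the policy is missing.
        echo "enforce_good_passwords: unable to install libpam-cracklib" >&2
        return 1
    fi

    # Negative credits are minimum counts: at least 4 digits, 1 uppercase and
    # 1 other character; lcredit=0 gives no length credit for lowercase.
    sed -i "s/password.*requisite.*pam_cracklib.so.*/password required pam_cracklib.so retry=2 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=${min_len} reject_username/g" "$pam_file"

    # sed exits 0 even when nothing matched, so confirm the rule is present
    # before marking the step complete.
    if ! grep -q "pam_cracklib.so.*minlen=${min_len} reject_username" "$pam_file"; then
        echo "enforce_good_passwords: pam_cracklib rule not found in ${pam_file}" >&2
        return 1
    fi

    mark_completed "${FUNCNAME[0]}"
}

# Prints a random alphanumeric password followed by a newline.
#
# Arguments: $1 - number of characters, a positive integer
# Outputs:   the password on stdout
# Returns:   0 on success, 1 if the length is invalid or no random data
#            could be obtained
#
# A single 32-byte openssl draw yields at most 44 base64 characters, fewer
# once '+', '/' and '=' are stripped, so one draw cannot satisfy longer
# requests. Chunks are accumulated until the requested length is reached
# rather than silently returning a shorter password.
function create_password {
    local length="${1:-}"
    local password=''
    local chunk

    # Reject a missing, non-numeric or zero length instead of emitting an
    # empty password that a caller might go on to use.
    if ! [[ "$length" =~ ^[0-9]+$ ]] || (( 10#$length == 0 )); then
        echo "create_password: length must be a positive integer" >&2
        return 1
    fi
    length=$(( 10#$length ))

    while (( ${#password} < length )); do
        # LC_ALL=C keeps the tr ranges byte-wise regardless of locale.
        chunk=$(openssl rand -base64 32 | LC_ALL=C tr -dc 'A-Za-z0-9')
        if [[ -z "$chunk" ]]; then
            # openssl missing or failing; avoid looping forever.
            echo "create_password: no random data from openssl" >&2
            return 1
        fi
        password+="$chunk"
    done

    printf '%s\n' "${password:0:length}"
}

# NOTE: deliberately no exit 0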