Hello.
I wrote a password checking feature implement by shell script in function.sh.
I attached a patch which name is passwd_check.patch.
This logic checks these.
1. The password length should be more than four.
2. The password shouldn't equal login account.
3. The password shouldn't contain login account.
e.g. root's password doesn't allow these password.
"root123"
"123Root"
"1ROOT23"
4. The password should contain lower cases, upper cases, numbers.
I'm not sure that people wants to use it.
so, I set a debconf priority low.
Cheers,
--
/*
* Masami Ichikawa
* mailto: [EMAIL PROTECTED]
* : [EMAIL PROTECTED]
*/
Index: functions.sh
===================================================================
--- functions.sh (revision 47257)
+++ functions.sh (working copy)
@@ -39,3 +39,53 @@
return 1
}
+
+# Returns a true value if password seems to be a safety.
+chkpasswd ()
+{
+ user=$1
+ passwd=$2
+
+ user_len=`echo $user | wc -c`
+ passwd_len=`echo $passwd | wc -c`
+
+ # password length should be bigger than four.
+ if test $passwd_len -lt 5; then
+ return 0
+ fi
+
+ # password shouldn't be a login account.
+ if test "$user" = "$passwd"; then
+ return 0
+ fi
+
+ # password shouldn't contain login account.
+ ret=`echo $passwd | grep -ci $user`
+ if test $ret = 1; then
+ if test $passwd_len -ge $user_len; then
+ return 0
+ fi
+ fi
+
+ # The password should be this structure.
+ # 1) contain lower char and upper char
+ # 2) contain lower char and digit
+ # 3) contain upper char and digit
+ # 4) contain lower char and upper char and digit
+
+ ret=`echo $passwd | grep -c [a-z]`
+ num=$ret
+
+ ret=`echo $passwd | grep -c [A-Z]`
+ num=$(($num+$ret))
+
+ ret=`echo $passwd | grep -c [0-9]`
+ num=$(($num+$ret))
+
+ if test $num -lt 2; then
+ return 0
+ fi
+
+ return 1
+
+}
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates (revision 47257)
+++ debian/user-setup-udeb.templates (working copy)
@@ -43,6 +43,12 @@
Please enter the same root password again to verify that you have typed it
correctly.
+Template: passwd/chkpasswd
+Type: boolean
+Default: false
+_Description: : Check a password?
+ Safety password will make secure system.
+
Template: passwd/make-user
Type: boolean
Default: true
@@ -110,6 +116,12 @@
You entered an empty password, which is not allowed.
Please choose a non-empty password.
+Template: user-setup/chkpasswd-bad
+Type: error
+_Description: The password does not seem safety.
+ The password you entered is not look safety.
+ Please mix the capital letter, the small letter, and numbers with the password.
+
Template: passwd/shadow
Type: boolean
Default: true
Index: user-setup-ask
===================================================================
--- user-setup-ask (revision 47257)
+++ user-setup-ask (working copy)
@@ -37,6 +37,8 @@
db_input low passwd/shadow || true
# Ask if root should be allowed to login.
db_input medium passwd/root-login || true
+ # Ask if user wants to check a password
+ db_input low passwd/chkpasswd || true
;;
1)
db_get passwd/root-login
@@ -63,6 +65,9 @@
# root password will be locked
db_set passwd/root-password-again ""
elif ! root_password; then
+ db_get passwd/chkpasswd || true
+ PW_CHK="$RET"
+
# First check whether the root password was preseeded crypted
db_get passwd/root-password-crypted || true
if ! test "$RET" ; then
@@ -78,6 +83,16 @@
STATE=0
continue
fi
+ if [ "$PW_CHK" = true ]; then
+ if `chkpasswd "root" "$ROOT_PW"`; then
+ db_fset user-setup/chkpasswd-bad seen false
+ db_input critical user-setup/chkpasswd-bad
+ db_fset passwd/root-password seen false
+ db_fset passwd/root-password-again seen false
+ STATE=0
+ continue
+ fi
+ fi
db_get passwd/root-password-again
if [ "$ROOT_PW" != "$RET" ]; then
db_fset user-setup/password-mismatch seen false
@@ -192,6 +207,19 @@
STATE=6
continue
fi
+ if [ "$PW_CHK" = true ]; then
+ if `chkpasswd "$USER" "$USER_PW"`; then
+ db_set passwd/user-password ""
+ db_set passwd/user-password-again ""
+ db_fset user-setup/chkpasswd-bad seen false
+ db_input critical user-setup/chkpasswd-bad
+ db_fset passwd/user-password seen false
+ db_fset passwd/user-password-again seen false
+ STATE=6
+ continue
+ fi
+ fi
+
fi
fi
;;
