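#!/bin/sh
#
# Hardens the PAM configuration of a Debian-style system:
#   1. adds a pam_tally2 account-lockout rule to /etc/pam.d/common-auth
#      (5 failed attempts, 1800 s unlock time);
#   2. installs libpam-cracklib;
#   3. appends password-history/length options to the pam_unix.so line and
#      character-class requirements to the pam_cracklib.so line in
#      /etc/pam.d/common-password.
#
# Environment:
#   cpch_DRY_RUN    0 = modify the files; any other value = only show what
#                   would change.
#   cpch_VERBOSITY  > 0 prints the appended rule / a diff of the changes.
#   APT_FLAGS       extra apt-get options, deliberately word-split.
#
# NOTE(review): pam_tally2 and pam_cracklib were removed from Linux-PAM 1.5.0
# (successors: pam_faillock and pam_pwquality). On a release that ships the
# newer PAM, a rule that names a missing module can break authentication;
# confirm the target release before running this.

# Options go in `set`, not the shebang: a shebang flag is lost when the script
# is started as `sh script.sh`.
set -e

# An unset variable used to make `[ "" -eq 0 ]` fail with an error, which
# happened to select the dry-run path. Make that fail-safe default explicit.
dry_run=${cpch_DRY_RUN:-1}
verbosity=${cpch_VERBOSITY:-0}

common_auth=/etc/pam.d/common-auth
common_password=/etc/pam.d/common-password
tally_rule='auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800'

echo "Setting lockout threshold and duration"
if [ "$dry_run" -eq 0 ]; then
	# Append only when the exact rule is absent, so that re-running the script
	# does not stack duplicate pam_tally2 entries.
	#
	# NOTE(review): the rule is appended at the END of common-auth. On a stock
	# Debian/Ubuntu stack a failed pam_unix attempt typically stops at the
	# requisite pam_deny.so line before the end of the file, so a rule placed
	# last may never count failures. Verify with a test account that failed
	# logins increment the counter (`pam_tally2 --user NAME`); the usual
	# placement is ahead of pam_unix.so.
	if grep -qxF -- "$tally_rule" "$common_auth"; then
		if [ "$verbosity" -gt 0 ]; then
			echo "pam_tally2 rule already present in $common_auth"
		fi
	else
		printf '%s\n' "$tally_rule" >> "$common_auth"
		if [ "$verbosity" -gt 0 ]; then
			printf '%s\n' "$tally_rule"
		fi
	fi
fi

# NOTE(review): this runs even in dry-run mode; presumably the caller puts a
# simulate option into APT_FLAGS for dry runs. Confirm against the caller.
# shellcheck disable=SC2086 # APT_FLAGS is a list of options, split on purpose
apt-get $APT_FLAGS install libpam-cracklib

# Skip comment lines, then append the options to the module lines unless a
# previous run already added them (keeps the edit idempotent).
unix_cracklib_sed_script='/^[[:space:]]*#/b
/pam_unix\.so/{
/remember=/!s/$/ remember=5 minlen=8/
}
/pam_cracklib\.so/{
/ucredit=/!s/$/ ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/
}'

if [ "$dry_run" -eq 0 ]; then
	# GNU sed keeps the previous file as common-password.bak. A second run
	# overwrites that backup with the already-modified file, so copy the
	# pristine version elsewhere if it must be preserved.
	sed --in-place=.bak -e "$unix_cracklib_sed_script" "$common_password"
	if [ "$verbosity" -gt 0 ]; then
		# diff exits 1 when the files differ, which is the expected outcome
		# here and must not trip `set -e`; only a status above 1 is an error.
		# Old file first, matching the direction of the dry-run diff below.
		diff "$common_password.bak" "$common_password" || [ "$?" -eq 1 ]
	fi
elif [ "$verbosity" -gt 0 ]; then
	sed -e "$unix_cracklib_sed_script" "$common_password" |
		diff "$common_password" - || [ "$?" -eq 1 ]
else
	# Still run sed so that a broken script or missing file is reported.
	sed -e "$unix_cracklib_sed_script" "$common_password" > /dev/null
fi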
