#!/bin/sh -e

##########################################################################
#   Title:
#       Optional, defaults to the name of the script sans extention
#
#   Section:
#       8
#
#   Synopsis:
#       
#   Description:
#       
#   Arguments:
#       
#   Returns:
#
#   Examples:
#
#   Files:
#
#   Environment:
#
#   See also:
#       
#   History:
#   Date        Name        Modification
#   2024-11-11  Jason Bacon Add man page template and usage
##########################################################################

usage()
{
    printf "Usage: $0\n"
    exit 1
}


##########################################################################
#   Main
##########################################################################

if [ $# != 0 ]; then
    usage
fi

os_type=`auto-ostype`

case $os_type in
RHEL)
    # pam_pwquality enabled by default on RHEL/CentOS 7
    if fgrep -q 'release 6' /etc/redhat-release; then
	# Enable PAM passwdqc
	# http://www.cyberciti.biz/faq/rhel-fedora-centos-linux-password-quality-co
	yum install -y pam_passwdqc
	sed -i -E 's|pam_cracklib.so.*|pam_passwdqc.so min=disabled,disabled,16,12,10 retry=3|g' \
	/etc/pam.d/system-auth
	
	# Prevent authconfig from overwriting changes to the line modified above
	sed -i -E 's|^USECRACKLIB|# USECRACKLIB|g' /etc/sysconfig/authconfig
    elif fgrep -q 'release 7' /etc/redhat-release && \
	! fgrep -q auto-enable-passwdqc /etc/security/pwquality.conf; then
	cat << EOM >> /etc/security/pwquality.conf
	
# auto-enable-passwdqc additions
minlen = 15
minclass = 3
maxrepeat = 2
gecoscheck = 1
dcredit = 2
ucredit = 2
lcredit = 2
ocredit = 2
# End auto-enable-passwdqc

EOM
    fi
    ;;

FreeBSD)
    cd /etc/pam.d
    awk ' { if ($3 == "pam_passwdqc.so")
	    {
		printf("password\t%s\t%s\t\t%s\n", $2, $3,
		    "min=disabled,disabled,16,12,10 retry=3");
	    }
	    else
	    {
		print $0;
	    }
	}' passwd > passwd.tmp
    mv -f passwd.tmp passwd
    ;;

*)
    auto-unsupported-os $0
    exit 1
    ;;

esac
