From 636fb54564f05ee69d8cc753f47dae8dcf912523 Mon Sep 17 00:00:00 2001
From: Simon Quigley <simon@tsimonq2.net>
Date: Sun, 16 Feb 2025 18:05:13 -0600
Subject: [PATCH] [users] Set allowWeakPasswords and allowWeakPasswordsDefault
 to false for all three flavors, but add some basic password recommendations
 based on NIST standards, warning if the password falls outside of that.

---
 debian/changelog               |  8 ++++++++
 kubuntu/modules/users.conf     | 10 +++++++++-
 lubuntu/modules/users.conf     |  2 +-
 ubuntuunity/modules/users.conf | 10 +++++++++-
 4 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ab40dc5..5c8b4b0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+calamares-settings-ubuntu (1:25.04.13) UNRELEASED; urgency=medium
+
+  * [users] Set allowWeakPasswords and allowWeakPasswordsDefault to false for
+    all three flavors, but add some basic password recommendations based on
+    NIST standards, warning if the password falls outside of that.
+
+ -- Simon Quigley <tsimonq2@ubuntu.com>  Sun, 16 Feb 2025 17:55:11 -0600
+
 calamares-settings-ubuntu (1:25.04.12) plucky; urgency=medium
 
   * [Lubuntu] Update password requirements to match NIST recommendations.
diff --git a/kubuntu/modules/users.conf b/kubuntu/modules/users.conf
index 0eb6cf2..725a11a 100644
--- a/kubuntu/modules/users.conf
+++ b/kubuntu/modules/users.conf
@@ -13,8 +13,16 @@ defaultGroups:
       system: true
     - sudo
 passwordRequirements:
-    minLength: 1
+    minLength: 8
     maxLength: -1
+    libpwquality:
+        - minlen=8
+        - maxrepeat=3
+        - maxsequence=3
+        - usersubstr=4
+        - badwords=linux
+allowWeakPasswords: false
+allowWeakPasswordsDefault: false
 # Explicitly set the shell instead of deferring to Calamares. We have a platform
 # expectation derived from Ubuntu here.
 user:
diff --git a/lubuntu/modules/users.conf b/lubuntu/modules/users.conf
index e0163b1..cd032e9 100644
--- a/lubuntu/modules/users.conf
+++ b/lubuntu/modules/users.conf
@@ -21,7 +21,7 @@ passwordRequirements:
         - maxsequence=3
         - usersubstr=4
         - badwords=linux
-allowWeakPasswords: true
+allowWeakPasswords: false
 allowWeakPasswordsDefault: false
 # Explicitly set the shell instead of deferring to Calamares. We have a platform
 # expectation derived from Ubuntu here.
diff --git a/ubuntuunity/modules/users.conf b/ubuntuunity/modules/users.conf
index 0eb6cf2..725a11a 100644
--- a/ubuntuunity/modules/users.conf
+++ b/ubuntuunity/modules/users.conf
@@ -13,8 +13,16 @@ defaultGroups:
       system: true
     - sudo
 passwordRequirements:
-    minLength: 1
+    minLength: 8
     maxLength: -1
+    libpwquality:
+        - minlen=8
+        - maxrepeat=3
+        - maxsequence=3
+        - usersubstr=4
+        - badwords=linux
+allowWeakPasswords: false
+allowWeakPasswordsDefault: false
 # Explicitly set the shell instead of deferring to Calamares. We have a platform
 # expectation derived from Ubuntu here.
 user: