[users] Set allowWeakPasswords and allowWeakPasswordsDefault to false for all three flavors, but add some basic password recommendations based on NIST standards, warning if the password falls outside of that.

2025-03-03 23:31:08 +00:00 · 2025-02-16 18:05:13 -06:00 · 2025-02-16 18:05:13 -06:00 · 636fb54564
commit 636fb54564
parent 15de561729
4 changed files with 27 additions and 3 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,11 @@
+calamares-settings-ubuntu (1:25.04.13) UNRELEASED; urgency=medium
+
+  * [users] Set allowWeakPasswords and allowWeakPasswordsDefault to false for
+    all three flavors, but add some basic password recommendations based on
+    NIST standards, warning if the password falls outside of that.
+
+ -- Simon Quigley <tsimonq2@ubuntu.com>  Sun, 16 Feb 2025 17:55:11 -0600
+
 calamares-settings-ubuntu (1:25.04.12) plucky; urgency=medium

  * [Lubuntu] Update password requirements to match NIST recommendations.
--- a/kubuntu/modules/users.conf
+++ b/kubuntu/modules/users.conf
@ -13,8 +13,16 @@ defaultGroups:
      system: true
    - sudo
 passwordRequirements:
-    minLength: 1
+    minLength: 8
    maxLength: -1
+    libpwquality:
+        - minlen=8
+        - maxrepeat=3
+        - maxsequence=3
+        - usersubstr=4
+        - badwords=linux
+allowWeakPasswords: false
+allowWeakPasswordsDefault: false
 # Explicitly set the shell instead of deferring to Calamares. We have a platform
 # expectation derived from Ubuntu here.
 user:
--- a/lubuntu/modules/users.conf
+++ b/lubuntu/modules/users.conf
@ -21,7 +21,7 @@ passwordRequirements:
        - maxsequence=3
        - usersubstr=4
        - badwords=linux
-allowWeakPasswords: true
+allowWeakPasswords: false
 allowWeakPasswordsDefault: false
 # Explicitly set the shell instead of deferring to Calamares. We have a platform
 # expectation derived from Ubuntu here.
--- a/ubuntuunity/modules/users.conf
+++ b/ubuntuunity/modules/users.conf
@ -13,8 +13,16 @@ defaultGroups:
      system: true
    - sudo
 passwordRequirements:
-    minLength: 1
+    minLength: 8
    maxLength: -1
+    libpwquality:
+        - minlen=8
+        - maxrepeat=3
+        - maxsequence=3
+        - usersubstr=4
+        - badwords=linux
+allowWeakPasswords: false
+allowWeakPasswordsDefault: false
 # Explicitly set the shell instead of deferring to Calamares. We have a platform
 # expectation derived from Ubuntu here.
 user: