#!/usr/bin/perl -w
#
# Enforce password strength. Expects a potential password in the environment
# variable CHKPASS. If the password is reasonable, exits successfully (status
# 0) without producing output.
#
# If the password is deemed weak, writes a human-readable explanation of why
# to stdout, and exits with failure (non-0) status.
#
use Data::Password qw(:all);
use strict;

my $pass = $ENV{'CHKPASS'};
my $fail;

$MINLEN=8; $MAXLEN=0; $DICTIONARY=5;
if(defined($_ = IsBadPassword($pass))) {
   $fail = "New password is too easy to guess. Reason: $_.";
   if(/contains the dictionary word/) {
      $fail .= " Hint: Make up a password using several very ".
       "short words (under five letters each), or using non-word ".
       "strings of letters. The first letter of each word in a ".
       "sentence can be a good choice.";
   } elsif(/character groups/) {
      $fail .= " Hint: Don't use all letters, all numbers or ".
       "all punctuation; try mixing at least two of these.";
   } elsif(/characters or greater/) {
      $fail .= " Hint: Try a longer password.";
   } elsif(/leading characters in sequence/) {
      $fail .= " Hint: Don't use the same character a bunch ".
       "of times in a row. Also, don't use a sequence of characters ".
       "that are arranged in a straight line on your keyboard.";
   } 
}

if(defined($fail)) {
   print $fail;
   exit 10;
}
exit 0;