commit 14ca0001ba8cc0d41c5a60c61b75af53269a34b1
author Bertrand Gouny <bertrand.gouny@osixia.net> Thu Aug 01 17:39:26 2019 +0200
committer Bertrand Gouny <bertrand.gouny@osixia.net> Thu Aug 01 17:39:26 2019 +0200
tree 22dfa7b1bb906c4f424f2914975bd8c36a3ec67a
parent 2771c1b4da47960670b847759bfe74fd28715d71

add pqChecker

CHANGELOG.md

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ab33ba..8c7c170 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@
 ## Added
   - Support for docker secrets #325. Thanks to @anagno !
   - Add DISABLE_CHOWN environment variable #240
+  - pqChecker lib to check passwords strength with ppolicy pwdCheckModule
 
 ### Fixed
   - Fix of incorrectly positioned 'log-helper debug' command #327. Thanks to @turcan !

image/Dockerfile

diff --git a/image/Dockerfile b/image/Dockerfile
index 80f8949..f51e43f 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -5,6 +5,9 @@
 ARG LDAP_OPENLDAP_GID
 ARG LDAP_OPENLDAP_UID
 
+ARG PQCHECKER_VERSION=2.0.0
+ARG PQCHECKER_MD5=c005ce596e97d13e39485e711dcbc7e1
+
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 # If explicit uid or gid is given, use it.
 RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi \
@@ -18,17 +21,24 @@
 #          https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/download.sh
 RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update \
     && /container/tool/add-service-available :ssl-tools \
-	  && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t stretch-backports install -y --no-install-recommends \
-       ldap-utils \
-       libsasl2-modules \
-       libsasl2-modules-db \
-       libsasl2-modules-gssapi-mit \
-       libsasl2-modules-ldap \
-       libsasl2-modules-otp \
-       libsasl2-modules-sql \
-       openssl \
-       slapd \
-       krb5-kdc-ldap \
+    && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t stretch-backports install -y --no-install-recommends \
+    ca-certificates \
+    curl \
+    ldap-utils \
+    libsasl2-modules \
+    libsasl2-modules-db \
+    libsasl2-modules-gssapi-mit \
+    libsasl2-modules-ldap \
+    libsasl2-modules-otp \
+    libsasl2-modules-sql \
+    openssl \
+    slapd \
+    krb5-kdc-ldap \
+    && curl -o pqchecker.deb -SL http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb \
+    && echo "${PQCHECKER_MD5} *pqchecker.deb" | md5sum -c - \
+    && dpkg -i pqchecker.deb \
+    && rm pqchecker.deb \
+    && apt-get remove -y --purge --auto-remove curl ca-certificates \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*