query_single_password() {
	ANSWER_OK=false
	while [ "$ANSWER_OK" != "true" ]; do
		read -s -p "# Please enter password (Note: Password will not be shown): " PASS1
		echo
		read -s -p "# Please enter password again: " PASS2
		echo
		if [[ "$PASS1" == "$PASS2" && "$PASS1" != "" ]]; then
			ANSWER_OK=true
		else
			echo "# Password mismatch or password empty!"
			echo "#"
		fi
		echo "#"
		echo "# By the way, the cracklib password checker says: $(echo "$PASS1" | cracklib-check | cut -f 2- -d " ")."
	done

}

query_passwords() {
	ANSWER_OK=n
	while [ "$ANSWER_OK" != "y" ]; do
		echo "#"
		echo "# Please enter appropriate passwords."
		echo "#"
		echo "# We will setup an user called 'openslx', so we need a password."
		echo "# This user is just a non-root system user for menial tasks."
		query_single_password
		OPENSLX_PASS="$PASS1"
		echo "#"
		echo "# We do also need a password for mysql's root user."
		echo "# This user will be needed for database installation etc, but not for daily work."
		query_single_password
		MYSQL_ROOT_PASS="$PASS1"
		echo "#"
		echo '# We will setup a mysql user "openslx", so we need another password.'
		echo "# This is the database user for the satellite configuration admin interface."
		query_single_password
		MYSQL_OPENSLX_PASS="$PASS1"
		echo "#"
		echo "# Now, on to the needed mysql user 'sat' - you guessed it; we need a password."
		echo "# This user will be the work horse for the bwLehrpool Suite database."
		query_single_password
		MYSQL_SAT_PASS="$PASS1"
		echo "#"
		echo -n "# Everything in order? Please press 'y' to continue; any other key to re-enter passwords: "
		read -p "" -n1 -s ANSWER_OK
		echo "$ANSWER_OK"
	done
	# Activate this only for debugging purposes...
	# echo "OPENSLX_PASS=$OPENSLX_PASS"			>> "$CONFIGDIR"/config
	# echo "MYSQL_ROOT_PASS=$MYSQL_ROOT_PASS"		>> "$CONFIGDIR"/config
	# echo "MYSQL_OPENSLX_PASS=$MYSQL_OPENSLX_PASS"		>> "$CONFIGDIR"/config
	# echo "MYSQL_SAT_PASS=$MYSQL_SAT_PASS"			>> "$CONFIGDIR"/config
}

generate_password() {
	local password="$(< /dev/urandom tr -dc A-Za-z0-9_ | head -c${1:-16};)"
	echo "$password"
}

# This routine has to be used only in conjunction with the prepare_firstrun-script, which
# will enforce the setting of good passwords on first root login after server start.
set_passwords() {
	echo -n "# Setting passwords..."
	OPENSLX_PASS="$(generate_password)"
	MYSQL_ROOT_PASS="$(generate_password)"
	MYSQL_OPENSLX_PASS="$(generate_password)"
	MYSQL_SAT_PASS="$(generate_password)"
	
	# Keep in mind the passwords stored here will be valid only temporary,
	# as they will be changed by the dropper script.
	# If you need the permanently valid password, you will need to 
	# decrypt static_files/new_passwords.encrypted.
	echo "OPENSLX_PASS=$OPENSLX_PASS"			>  "$CONFIGDIR"/config
	echo "MYSQL_ROOT_PASS=$MYSQL_ROOT_PASS"			>> "$CONFIGDIR"/config
	echo "MYSQL_OPENSLX_PASS=$MYSQL_OPENSLX_PASS"		>> "$CONFIGDIR"/config
	echo "MYSQL_SAT_PASS=$MYSQL_SAT_PASS"			>> "$CONFIGDIR"/config
	echo "ok."
}

set_version_string() {
	echo -n "# Setting version string..."
	echo 'VERSION="'$VERSION'"'	>> "$CONFIGDIR"/config
	echo "ok."
}