On my systems, I like to use 12-character, alphanumeric, lowercase passwords which exclude the letters L and O.

Here's what I'm now using:

openssl rand -base64 1000 | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]" | tr -d "lo" | cut -c 1-12

Notes:

• I suppose 'grep -m12 \w' is much more succinct than using piped 'tr's, but I find this way easier to understand.
• Even using a base64 string a thousand characters long, there is a chance (albeit an EXTREMELY small one) that this method could fail to yield the requested 12 characters. For a manual p/w generation process like this, I doubt this should be a problem.
• I realize that limiting the number of allowable characters in a p/w reduces security. However, for me it's always been a fine balance between getting users to stick with randomly generated passwords and not making it too hard for them to type or read. Even with these limitations, a 12-char p/w as generated above yields 61 bits of entropy ( = log((36-numOfCharsExcluded)^passwordLength)/log(2) ), which isn't that great but still better than having users choose their own passwords that are invariably too short and often easy to guess. :-)