Introduction to libpwquality
The libpwquality package provides
common functions for password quality checking and also scoring
them based on their apparent randomness. The library also provides
a function for generating random passwords with good
pronounceability.
This package is known to build and work properly using an LFS 12.2
platform.
Package Information
libpwquality Dependencies
Required
CrackLib-2.10.2
Recommended
Linux-PAM-1.6.1
Installation of libpwquality
Install libpwquality by running
the following commands:
./configure --prefix=/usr \
--disable-static \
--with-securedir=/usr/lib/security \
--disable-python-bindings &&
make &&
pip3 wheel -w dist --no-build-isolation --no-deps --no-cache-dir $PWD/python
This package does not come with a test suite.
Now, as the root
user:
make install &&
pip3 install --no-index --find-links=dist --no-cache-dir --no-user pwquality
Command Explanations
--disable-python-bindings
:
This parameter disables building Python bindings with the
deprecated python3 setup.py
build command. The explicit instruction to build
the Python 3 binding with the pip3
wheel command is provided.
Configuring libpwquality
libpwquality is intended to be a
functional replacement for the now-obsolete pam_cracklib.so
PAM module. To configure the
system to use the pam_pwquality
module, execute the following commands as the root
user:
mv /etc/pam.d/system-password{,.orig} &&
cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password
# check new passwords for strength (man pam_pwquality)
password required pam_pwquality.so authtok_type=UNIX retry=1 difok=1 \
minlen=8 dcredit=0 ucredit=0 \
lcredit=0 ocredit=0 minclass=1 \
maxrepeat=0 maxsequence=0 \
maxclassrepeat=0 gecoscheck=0 \
dictcheck=1 usercheck=1 \
enforcing=1 badwords="" \
dictpath=/usr/lib/cracklib/pw_dict
# use yescrypt hash for encryption, use shadow, and try to use any
# previously defined authentication token (chosen password) set by any
# prior module.
password required pam_unix.so yescrypt shadow try_first_pass
# End /etc/pam.d/system-password
EOF
Contents
Installed Programs:
pwscore and pwmake
Installed Libraries:
pam_pwquality.so and
libpwquality.so
Installed Directories:
/usr/lib/python3.11/site-packages/pwquality-1.4.5.dist-info
Short Descriptions
pwmake
|
is a simple configurable tool for generating random and
relatively easily pronounceable passwords
|
pwscore
|
is a simple tool for checking quality of a password
|
libpwquality.so
|
contains API functions for checking the password quality
|
pam_pwquality.so
|
is a Linux PAM module
used to perform password quality checking
|