Introduction to libpwquality
The libpwquality package provides
common functions for password quality checking and also scoring
them based on their apparent randomness. The library also provides
a function for generating random passwords with good
pronounceability.
Note
Development versions of BLFS may not build or run some packages
properly if LFS or dependencies have been updated since the most
recent stable versions of the books.
Package Information
libpwquality Dependencies
Required
CrackLib-2.10.3
Recommended
Linux-PAM-1.7.0
Installation of libpwquality
Install libpwquality by running
the following commands:
./configure --prefix=/usr \
--disable-static \
--with-securedir=/usr/lib/security \
--disable-python-bindings &&
make &&
pip3 wheel -w dist --no-build-isolation --no-deps --no-cache-dir $PWD/python
This package does not come with a test suite.
Now, as the root
user:
make install &&
pip3 install --no-index --find-links=dist --no-cache-dir --no-user pwquality
Command Explanations
--disable-python-bindings
:
This parameter disables building Python bindings with the
deprecated python3 setup.py
build command. The explicit instruction to build
the Python 3 binding with the pip3
wheel command is provided.
Configuring libpwquality
libpwquality is intended to be a
functional replacement for the now-obsolete pam_cracklib.so
PAM module. To configure the
system to use the pam_pwquality
module, execute the following commands as the root
user:
mv /etc/pam.d/system-password{,.orig} &&
cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password
# check new passwords for strength (man pam_pwquality)
password required pam_pwquality.so authtok_type=UNIX retry=1 difok=1 \
minlen=8 dcredit=0 ucredit=0 \
lcredit=0 ocredit=0 minclass=1 \
maxrepeat=0 maxsequence=0 \
maxclassrepeat=0 gecoscheck=0 \
dictcheck=1 usercheck=1 \
enforcing=1 badwords="" \
dictpath=/usr/lib/cracklib/pw_dict
# use yescrypt hash for encryption, use shadow, and try to use any
# previously defined authentication token (chosen password) set by any
# prior module.
password required pam_unix.so yescrypt shadow try_first_pass
# End /etc/pam.d/system-password
EOF
Contents
Installed Programs:
pwscore and pwmake
Installed Libraries:
pam_pwquality.so and
libpwquality.so
Installed Directories:
/usr/lib/python3.11/site-packages/pwquality-1.4.5.dist-info
Short Descriptions
pwmake
|
is a simple configurable tool for generating random and
relatively easily pronounceable passwords
|
pwscore
|
is a simple tool for checking quality of a password
|
libpwquality.so
|
contains API functions for checking the password quality
|
pam_pwquality.so
|
is a Linux PAM module
used to perform password quality checking
|