generated from sig_core/wiki-template
Add packages/passwdqc.md
This commit is contained in:
parent
d5719a5314
commit
61a91f576c
@ -39,7 +39,7 @@ You'll normally install packages from the mirrors, which should just work. Howev
|
|||||||
### Extra packages (for EL8 and EL9)
|
### Extra packages (for EL8 and EL9)
|
||||||
|
|
||||||
- [lkrg](packages/lkrg.md) (Linux Kernel Runtime Guard)
|
- [lkrg](packages/lkrg.md) (Linux Kernel Runtime Guard)
|
||||||
- [passwdqc](https://www.openwall.com/passwdqc/) (Password/passphrase strength checking and policy enforcement)
|
- [passwdqc](packages/passwdqc.md) (Password/passphrase strength checking and policy enforcement)
|
||||||
|
|
||||||
### Extra packages (currently only for EL9)
|
### Extra packages (currently only for EL9)
|
||||||
|
|
||||||
|
36
docs/packages/passwdqc.md
Normal file
36
docs/packages/passwdqc.md
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
# Extra package: passwdqc
|
||||||
|
|
||||||
|
## EL8 and EL9
|
||||||
|
|
||||||
|
- Version `2.0.3-2.el9_2.security`
|
||||||
|
- Based on upstream version `2.0.3-2` as packaged in Fedora
|
||||||
|
|
||||||
|
### Package summary
|
||||||
|
|
||||||
|
`passwdqc` is a password/passphrase strength checking and policy enforcement toolset, including a PAM module (`pam_passwdqc`), command-line programs (`pwqcheck`, `pwqfilter`, and `pwqgen`), and a library (`libpasswdqc`).
|
||||||
|
|
||||||
|
More information is available on the [passwdqc homepage](https://www.openwall.com/passwdqc/) and in the documentation files (man pages and a README) included in the sub-packages below.
|
||||||
|
|
||||||
|
### Usage in Rocky Linux
|
||||||
|
|
||||||
|
There are 4 sub-packages:
|
||||||
|
|
||||||
|
#### pam_passwdqc
|
||||||
|
|
||||||
|
`pam_passwdqc` is a PAM module that is normally invoked on password changes by programs such as `passwd(1)`. It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable.
|
||||||
|
|
||||||
|
Merely installing this sub-package does not yet configure the system to use the PAM module. To do so, please edit PAM configuration files e.g. like [shown here](https://github.com/openwall/passwdqc/issues/19#issuecomment-1140262371).
|
||||||
|
|
||||||
|
#### passwdqc-utils
|
||||||
|
|
||||||
|
`pwqcheck` and `pwqgen` are standalone password/passphrase strength checking and random passphrase generator programs, respectively, which are usable from scripts.
|
||||||
|
|
||||||
|
The `pwqfilter` program searches, creates, or updates binary passphrase filter files, which can also be used with `pwqcheck` and `pam_passwdqc`. This can be used for checking of user-provided passwords against existing data breaches, which is recommended in the current NIST guidance, specifically in publication 800-63B sections 5.1.1.2 and A.3. Paid pre-generated filter files are available from Openwall at the project homepage above, but with this tool you can also generate your own.
|
||||||
|
|
||||||
|
#### libpasswdqc
|
||||||
|
|
||||||
|
`libpasswdqc` is the underlying library, which may also be used from third-party programs.
|
||||||
|
|
||||||
|
#### passwdqc
|
||||||
|
|
||||||
|
`passwdqc` is a meta sub-package that installs (via dependencies) all 3 actual sub-packages above.
|
Loading…
Reference in New Issue
Block a user