2.0 KiB
Extra package: passwdqc
EL8 and EL9
- Version
2.0.3-2.el9_2.security
- Based on upstream version
2.0.3-2
as packaged in Fedora
Package summary
passwdqc
is a password/passphrase strength checking and policy enforcement toolset, including a PAM module (pam_passwdqc
), command-line programs (pwqcheck
, pwqfilter
, and pwqgen
), and a library (libpasswdqc
).
More information is available on the passwdqc homepage and in the documentation files (man pages and a README) included in the sub-packages below.
Usage in Rocky Linux
There are 4 sub-packages:
pam_passwdqc
pam_passwdqc
is a PAM module that is normally invoked on password changes by programs such as passwd(1)
. It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable.
Merely installing this sub-package does not yet configure the system to use the PAM module. To do so, please edit PAM configuration files e.g. like shown here.
passwdqc-utils
pwqcheck
and pwqgen
are standalone password/passphrase strength checking and random passphrase generator programs, respectively, which are usable from scripts.
The pwqfilter
program searches, creates, or updates binary passphrase filter files, which can also be used with pwqcheck
and pam_passwdqc
. This can be used for checking of user-provided passwords against existing data breaches, which is recommended in the current NIST guidance, specifically in publication 800-63B sections 5.1.1.2 and A.3. Paid pre-generated filter files are available from Openwall at the project homepage above, but with this tool you can also generate your own.
libpasswdqc
libpasswdqc
is the underlying library, which may also be used from third-party programs.
passwdqc
passwdqc
is a meta sub-package that installs (via dependencies) all 3 actual sub-packages above.