wiki/docs/packages/passwdqc.md

2.4 KiB

Extra package: passwdqc

EL9

  • Version 2.0.3-2.el9_2.security
  • Based on upstream version 2.0.3-2 as packaged in Fedora

EL8

  • Version 2.0.3-2.el8.security
  • Based on upstream version 2.0.3-2 as packaged in Fedora

Package summary

passwdqc is a password/passphrase strength checking and policy enforcement toolset, including a PAM module (pam_passwdqc), command-line programs (pwqcheck, pwqfilter, and pwqgen), and a library (libpasswdqc).

More information is available on the passwdqc homepage and in the documentation files (man pages and a README) included in the sub-packages below.

Usage in Rocky Linux

There are 5 sub-packages:

pam_passwdqc

pam_passwdqc is a PAM module that is normally invoked on password changes by programs such as passwd(1). It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable.

Merely installing this sub-package does not yet configure the system to use the PAM module. To do so, on EL9 use our control, or on either EL8 or EL9 you may edit PAM configuration files manually e.g. like shown here.

passwdqc-utils

pwqcheck and pwqgen are standalone password/passphrase strength checking and random passphrase generator programs, respectively, which are usable from scripts.

The pwqfilter program searches, creates, or updates binary passphrase filter files, which can also be used with pwqcheck and pam_passwdqc. This can be used for checking of user-provided passwords against existing data breaches, which is recommended in the current NIST guidance, specifically in publication 800-63B sections 5.1.1.2 and A.3. Paid pre-generated filter files are available from Openwall at the project homepage above, but with this tool you can also generate your own.

libpasswdqc

libpasswdqc is the underlying library, which may also be used from third-party programs.

libpasswdqc-devel

This package contains development files needed for building passwdqc-aware applications, as well as documentation (man pages) for developing such applications.

passwdqc

passwdqc is a meta sub-package that installs (via dependencies) the actual sub-packages above, except for libpasswdqc-devel.