pam_passwdqc - Man Page

Password quality-control PAM module

Synopsis

[service-name] module-type control-flag pam_passwdqc [options]

Description

The pam_passwdqc module is a simple password strength checking module for PAM. In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones.

The pam_passwdqc module provides functionality for only one PAM management group: password changing. In terms of the module-type parameter, this is the “password” feature.

The pam_chauthtok() service function may ask the user for a new password, and verify that it meets certain minimum standards. If the chosen password is unsatisfactory, the service function returns PAM_AUTHTOK_ERR.

The set of options that may be passed to the module is exactly the same as the set of options that may be specified in the configuration file (suggested location /etc/passwdqc.conf, to be specified in the config=/etc/passwdqc.conf option). These options are described in passwdqc.conf(5).

See Also

pam.conf(5), passwdqc.conf(5), pam(8).

https://www.openwall.com/passwdqc/

Authors

The pam_passwdqc module was written for Openwall GNU/*/Linux by Solar Designer ⟨solar at openwall.com⟩. This manual page was written for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program. It has since been revised, most importantly to refer to passwdqc.conf(5) instead of describing the options right on this page.

Referenced By

libpasswdqc(3), pam_unix(8), passwdqc.conf(5), pwqcheck(1), pwqfilter(1), pwqgen(1).

December 9, 2019