Introduction to libpwquality

The libpwquality package provides common functions for password quality checking and also scoring them based on their apparent randomness. The library also provides a function for generating random passwords with good pronounceability.



Development versions of BLFS may not build or run some packages properly if dependencies have been updated since the most recent stable versions of the book.

Package Information

libpwquality Dependencies




User Notes:

Installation of libpwquality

Install libpwquality by running the following commands:

./configure --prefix=/usr                      \
            --disable-static                   \
            --with-securedir=/usr/lib/security \
            --with-python-binary=python3       &&

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

--with-python-binary=python3: This parameter gives the location of the Python binary. The default is python, and requires Python-2.7.18.

Configuring libpwquality

libpwquality is intended to be a functional replacement for the now-obsolete PAM module. To configure the system to use the pam_pwquality module, execute the following commands as the root user:

mv /etc/pam.d/system-password{,.orig} &&
cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password

# check new passwords for strength (man pam_pwquality)
password  required   authtok_type=UNIX retry=1 difok=1 \
                                         minlen=8 dcredit=0 ucredit=0 \
                                         lcredit=0 ocredit=0 minclass=1 \
                                         maxrepeat=0 maxsequence=0 \
                                         maxclassrepeat=0 geoscheck=0 \
                                         dictcheck=1 usercheck=1 \
                                         enforcing=1 badwords="" \
# use sha512 hash for encryption, use shadow, and use the
# authentication token (chosen password) set by pam_pwquality
# above (or any previous modules)
password  required        sha512 shadow use_authtok

# End /etc/pam.d/system-password


Installed Programs: pwscore and pwmake
Installed Libraries: and
Installed Directories: None

Short Descriptions


is a simple configurable tool for generating random and relatively easily pronounceable passwords


is a simple tool for checking quality of a password

contains API functions for checking the password quality

is a Linux PAM module used to perform password quality checking