8.34.2. Installation of Libpwquality
Create the PKGBUILD for the Libpwquality package with the following
commands:
mkdir /sources/libpwquality
cd /sources/libpwquality
cat > PKGBUILD << "REALEOF"
# Maintainer: Linux From Scratch <lfs-dev@lists.linuxfromscratch.org>
pkgname="libpwquality"
pkgver="1.4.4"
pkgrel="1"
pkgdesc="The libpwquality package provides common functions for password quality checking and also scoring them based on their apparent randomness."
arch=('x86'
'x86_64')
url="https://github.com/libpwquality/libpwquality"
license=('GPLv3')
depends=('cracklib'
'glibc'
'linux-pam'
'python')
makedepends=('bash'
'binutils'
'coreutils'
'cracklib'
'gcc'
'glibc'
'grep'
'linux-pam'
'make'
'python'
'sed'
'shadow')
backup=('etc/security/pwquality.conf')
install='libpwquality-install'
source=("https://github.com/libpwquality/libpwquality/releases/download/libpwquality-1.4.4/libpwquality-1.4.4.tar.bz2")
md5sums=('1fe43f6641dbf1e1766e2a02cf68a9c3')
build() {
cd "${pkgname}-${pkgver}"
./configure --prefix=/usr \
--disable-static \
--with-securedir=/usr/lib/security \
--with-python-binary=python3
make
}
package() {
cd "${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}" install
}
REALEOF
You will also need to update the default Linux-PAM password
configuration when installing Libpwquality:
cat > PKGBUILD << "REALEOF"
post_install(){
mv /etc/pam.d/system-password{,.orig}
cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password
# check new passwords for strength (man pam_pwquality)
password required pam_pwquality.so authtok_type=UNIX retry=1 difok=1 \
minlen=8 dcredit=0 ucredit=0 \
lcredit=0 ocredit=0 minclass=1 \
maxrepeat=0 maxsequence=0 \
maxclassrepeat=0 geoscheck=0 \
dictcheck=1 usercheck=1 \
enforcing=1 badwords="" \
dictpath=/usr/lib/cracklib/pw_dict
# use sha512 hash for encryption, use shadow, and use the
# authentication token (chosen password) set by pam_pwquality
# above (or any previous modules)
password required pam_unix.so sha512 shadow use_authtok
# End /etc/pam.d/system-password
EOF
}
REALEOF
Prepare the build directory for the pacman user and build the
package:
chown -R root:pacman .
chmod 2775 .
chmod 664 PKGBUILD
su pacman -c 'makepkg -L --nodeps'
Add the newly created package to the central package repository:
repo-add /srv/pacman/repos/LFS/LFS.db.tar.xz \
/srv/pacman/repos/LFS/libpwquality-1.4.4-1-$(uname -m).pkg.tar.xz
Update the local cache and install the Libpwquality package:
pacman -Syu
pacman -S libpwquality --overwrite \* -dd --noconfirm
Finally, copy the source files into the source repository and clean
up the build directory:
mkdir /srv/pacman/source/LFS/libpwquality
cp PKGBUILD /srv/pacman/source/LFS/libpwquality
cp libpwquality.install /srv/pacman/source/LFS/libpwquality
cd /sources
rm -rf libpwquality
Install libpwquality by running
the following commands:
./configure --prefix=/usr \
--disable-static \
--with-securedir=/usr/lib/security \
--with-python-binary=python3 &&
make
This package does not come with a test suite.
Now, as the root user:
make install
8.34.4. Configuring libpwquality
libpwquality is intended to be a
functional replacement for the now-obsolete pam_cracklib.so PAM module. To configure the
system to use the pam_pwquality
module, execute the following commands as the root user:
mv /etc/pam.d/system-password{,.orig} &&
cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password
# check new passwords for strength (man pam_pwquality)
password required pam_pwquality.so authtok_type=UNIX retry=1 difok=1 \
minlen=8 dcredit=0 ucredit=0 \
lcredit=0 ocredit=0 minclass=1 \
maxrepeat=0 maxsequence=0 \
maxclassrepeat=0 geoscheck=0 \
dictcheck=1 usercheck=1 \
enforcing=1 badwords="" \
dictpath=/usr/lib/cracklib/pw_dict
# use sha512 hash for encryption, use shadow, and use the
# authentication token (chosen password) set by pam_pwquality
# above (or any previous modules)
password required pam_unix.so sha512 shadow use_authtok
# End /etc/pam.d/system-password
EOF