passwdqc is a password/passphrase strength checking and policy enforcement toolset, including an optional PAM module (pam_passwdqc), command-line programs (pwqcheck and pwqgen), and a library (libpasswdqc).
On systems with PAM, pam_passwdqc is normally invoked on password changes by programs such as passwd(1). It is capable of checking password or passphrase strength, enforcing a policy, and offering randomly-generated passphrases, with all of these features being optional and easily (re-)configurable.
pwqcheck and pwqgen are standalone password/passphrase strength checking and random passphrase generator programs, respectively, which are usable from scripts.
libpasswdqc is the underlying library, which may also be used from third-party programs.
You may view the latest INSTALL, README, and PLATFORMS files (which are also included in the archives below), as well as screenshots demonstrating the uses and setup of passwdqc on Openwall GNU/*/Linux. There's a wiki page with detailed Solaris-specific instructions and another one with password strength policy considerations (a must read before you possibly override passwdqc's defaults). There's also a tutorial on using the pwqcheck program from PHP scripts (part of an article on how to manage a PHP application's users and passwords).
Download (release notes):
These and older versions of passwdqc are also available from the Openwall file archive. The source code of passwdqc may be browsed via CVSweb.
Follow this link for information on verifying the signatures.
There's a mailing list where you can share your experience with passwdqc and ask questions. Please be sure to specify an informative message subject whenever you post to the list (that is, something better than "question" or "problem"). To subscribe, enter your e-mail address below or send an empty message to <passwdqc-users-subscribe at lists.openwall.com>. You will be required to confirm your subscription by "replying" to the automated confirmation request that will be sent to you. You will be able to unsubscribe at any time and we will not use your e-mail address for any other purpose or share it with a third party. However, if you post to the list, other subscribers and those viewing the archives may see your address(es) as specified on your message. There is a web-based archive of the list.
We may help you integrate pam_passwdqc into your OS installs, please check out our services.
pam_passwdqc has been integrated into FreeBSD 5.0+ and DragonFly BSD 2.2+, and it has been packaged for NetBSD. It is used on Owl, distributions by ALT Linux team, ASPLinux, and Annvix. Additionally, it is part of Red Hat Enterprise Linux, CentOS, and Fedora, Debian GNU/Linux, Ubuntu, SUSE Linux, Gentoo Linux, and PLD.
passwdqc is a registered project with Open Hub.
You may want to check out these other PAM modules.