Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pwscore(1) [centos man page]

PWSCORE(1)						      General Commands Manual							PWSCORE(1)

NAME

       pwscore - simple configurable tool for checking quality of a password

SYNOPSIS

       pwscore [user]

DESCRIPTION

       pwscore is a simple tool for checking quality of a password. The password is read from stdin.

       The  tool  uses the libpwquality library to perform configurable checks for minimum length, dictionary checking against cracklib dictionar-
       ies, and other checks.

       It either reports an error if the password fails any of the checks, or it prints out the password quality score as an integer value between
       0 and 100.

       The  password  quality  score is relative to the minlen setting in the configuration file. But in general values below 50 can be treated as
       moderate quality and above it fairly strong quality. Any password that passes the quality checks (especially the mandatory cracklib  check)
       should withstand dictionary attacks and scores above 50 with the default minlen setting even fast brute force attacks.

OPTIONS

       The first and only optional argument is the user name that is used to check the similarity of the password to the username.

FILES

       /etc/security/pwquality.conf - The configuration file for the libpwquality library.

RETURN CODES

       pwscore returns 0 on success, non zero on error.

SEE ALSO

       pwscore(1), pwquality.conf(5), pam_pwquality(8)

AUTHORS

       Tomas Mraz <tmraz@redhat.com>

Red Hat, Inc.							    10 Nov 2011 							PWSCORE(1)

Check Out this Related Man Page

PWQUALITY.CONF(5)						File Formats Manual						 PWQUALITY.CONF(5)

NAME

       pwquality.conf - configuration for the libpwquality library

SYNOPSIS

       /etc/security/pwquality.conf

DESCRIPTION

       pwquality.conf  provides  a  way  to configure the default password quality requirements for the system passwords. This file is read by the
       libpwquality library and utilities that use this library for checking and generating passwords.

       The file has a very simple name = value format with possible comments starting with # character. The whitespace at the beginning  of  line,
       end of line, and around the = sign is ignored.

OPTIONS

       The possible options in the file are:

	   difok
	       Number of characters in the new password that must not be present in the old password. (default 5)

	   minlen
	       Minimum	acceptable  size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).)
	       Cannot be set to lower value than 6. (default 9)

	   dcredit
	       The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in  the  new  password.
	       (default 1)

	   ucredit
	       The maximum credit for having uppercase characters in the new password.	If less than 0 it is the minimum number of uppercase char-
	       acters in the new password. (default 1)

	   lcredit
	       The maximum credit for having lowercase characters in the new password.	If less than 0 it is the minimum number of lowercase char-
	       acters in the new password. (default 1)

	   ocredit
	       The maximum credit for having other characters in the new password.  If less than 0 it is the minimum number of other characters in
	       the new password. (default 1)

	   minclass
	       The minimum number of required classes of characters for the new password (digits, uppercase, lowercase, others). (default 0)

	   maxrepeat
	       The maximum number of allowed same consecutive characters in the new password.  The check is disabled if the value is  0.  (default
	       0)

	   maxsequence
	       The  maximum  length  of monotonic character sequences in the new password.  Examples of such sequence are '12345' or 'fedcb'. Note
	       that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password.  The check is
	       disabled if the value is 0. (default 0)

	   maxclassrepeat
	       The  maximum number of allowed consecutive characters of the same class in the new password.  The check is disabled if the value is
	       0. (default 0)

	   gecoscheck
	       If nonzero, check whether the words longer than 3 characters from the GECOS field of the user's passwd entry are contained  in  the
	       new password.  The check is disabled if the value is 0. (default 0)

	   badwords
	       Space  separated  list  of  words that must not be contained in the password. These are additional words to the cracklib dictionary
	       check. This setting can be also used by applications to emulate the gecos check for user accounts that are not created yet.

	   dictpath
	       Path to the cracklib dictionaries. Default is to use the cracklib default.

SEE ALSO

       pwscore(1), pwmake(1), pam_pwquality(8)

AUTHORS

       Tomas Mraz <tmraz@redhat.com>

Red Hat, Inc.							    10 Nov 2011 						 PWQUALITY.CONF(5)
Man Page