PWSCORE(1) General Commands Manual PWSCORE(1)NAME
pwscore - simple configurable tool for checking quality of a password
SYNOPSIS
pwscore [user]
DESCRIPTION
pwscore is a simple tool for checking quality of a password. The password is read from stdin.
The tool uses the libpwquality library to perform configurable checks for minimum length, dictionary checking against cracklib dictionar-
ies, and other checks.
It either reports an error if the password fails any of the checks, or it prints out the password quality score as an integer value between
0 and 100.
The password quality score is relative to the minlen setting in the configuration file. But in general values below 50 can be treated as
moderate quality and above it fairly strong quality. Any password that passes the quality checks (especially the mandatory cracklib check)
should withstand dictionary attacks and scores above 50 with the default minlen setting even fast brute force attacks.
OPTIONS
The first and only optional argument is the user name that is used to check the similarity of the password to the username.
FILES
/etc/security/pwquality.conf - The configuration file for the libpwquality library.
RETURN CODES
pwscore returns 0 on success, non zero on error.
SEE ALSO pwscore(1), pwquality.conf(5), pam_pwquality(8)AUTHORS
Tomas Mraz <tmraz@redhat.com>
Red Hat, Inc. 10 Nov 2011 PWSCORE(1)
Check Out this Related Man Page
KPASSWDD(8) BSD System Manager's Manual KPASSWDD(8)NAME
kpasswdd -- Kerberos 5 password changing server
SYNOPSIS
kpasswdd [--addresses=address] [--check-library=library] [--check-function=function] [-k kspec | --keytab=kspec] [-r realm | --realm=realm]
[-p string | --port=string] [--version] [--help]
DESCRIPTION
kpasswdd serves request for password changes. It listens on UDP port 464 (service kpasswd) and processes requests when they arrive. It
changes the database directly and should thus only run on the master KDC.
Supported options:
--addresses=address
For each till the argument is given, add the address to what kpasswdd should listen too.
--check-library=library
If your system has support for dynamic loading of shared libraries, you can use an external function to check password quality. This
option specifies which library to load.
--check-function=function
This is the function to call in the loaded library. The function should look like this:
const char * passwd_check(krb5_context context, krb5_principal principal, krb5_data *password)
context is an initialized context; principal is the one who tries to change passwords, and password is the new password. Note that
the password (in password->data) is not zero terminated.
-k kspec, --keytab=kspec
Keytab to get authentication key from.
-r realm, --realm=realm
Default realm.
-p string, --port=string
Port to listen on (default service kpasswd - 464).
DIAGNOSTICS
If an error occurs, the error message is returned to the user and/or logged to syslog.
BUGS
The default password quality checks are too basic.
SEE ALSO kpasswd(1), kdc(8)HEIMDAL April 19, 1999 HEIMDAL
How can I be assured that my machine is secure against buffer overflows, remote packet sniffing, and brute force attacks?
Why does the internet have to be so scary? Why can't we all just get along? (2 Replies)
Was wondering if anyone could answer two quick questions... 1) What is the best way to impliment password triviality checking and also checking to make sure a user does not use the same password twice. 2) is there any nice software out there to manage users on multiple machine as far as security... (6 Replies)
Hi,
I am looking for a simple way to :
- force the user to change his password following the first connexion
- check the complexity of a password (password should has a least 8 characters with 1 special char and 1 alpha...).
Thinks for your help (1 Reply)
I faced the following error while configuring the spine for cacti. Can any one help me to sort out this problem:
hecking how to run the C++ preprocessor... g++ -E
checking for g77... g77
checking whether we are using the GNU Fortran 77 compiler... yes
checking whether g77 accepts -g... yes... (1 Reply)
Hi All,
Could anyone please help me with the command or script for checking the password expiry for a particular userid on AIX.
Regards,
Sanjay...:) (5 Replies)
Hi I`m newble here.
How I can make "strong" password by dafault?
Variable in /etc/default/passwd set PASSLENGTH=6
I need to make setting password min passlength 8 and include sumbols !@#$%^&*() , digits, ets...
Plz, help me where I must change setting?
P.S. Sorry for my english. (4 Replies)
Hi all,
Wish to check which setting is set to display the MOTD AFTER successful password verification. I am logging in via a 3rd party ssh tool tectia.
Eg.
Login:
password:
OS Prompt>
Thanks
Eugene (5 Replies)
Hello,
I installed Kerberos on Red Hat. My testing tool checks for the prompt when user log-in. Unfortunately I don't have access to that testing tool so I have to fix somehow the prompt.
My testing tool expects this format:
login: XYZ
Password: When I installed Kerberos I have this format:... (1 Reply)
Hello,
I would like to change a password of a user to a simple one but when i try to add an only lowercase pass i get the error:
Weak password: too short.
Try again.
You can now choose the new password.
A valid password should be a mix of upper and lower case letters,
digits, and... (2 Replies)
Hi,
I am using Red Hat OS 5.0, is there any way that i can password protect directories. I know i can change permission so that no other user can access the content, but sometimes in my office environment i need to share vnc terminal with other people from my login itself. So i want that if user... (1 Reply)
Why is there such an emphasis on strong passwords?
My understanding is that brute force or dictionary attacks are only possible when the attacker can test a large number of passwords in a reasonable amount of time. Modern Unix systems do not expose the encrypted passwords and have limits on how... (14 Replies)
Hi All,
I have a problem setting the password when I have to create a user and password as detailed below.
username : gaacj01 password : oshopp01
username : gaacj02 password : oshopp02
username : gaacj03 password : oshopp03
username : gaacj04 password : oshopp04
username : gaacj05 ... (17 Replies)
Ladies & Gents,
Can one of you gurus please show me a very simple "expect" script to change the password in Solaris in a script, please? Nothing fancy, no error checking, no nothing. Just to change the password of a new user, it's all.
Many thanks in advance. U guys have honestly earned my... (1 Reply)