Introduction to libpwquality

The libpwquality package provides common functions for password quality checking and also scoring them based on their apparent randomness. The library also provides a function for generating random passwords with good pronounceability.

This package is known to build and work properly using an LFS 12.1 platform.

Package Information

libpwquality Dependencies




Installation of libpwquality

Install libpwquality by running the following commands:

./configure --prefix=/usr                      \
            --disable-static                   \
            --with-securedir=/usr/lib/security \
            --disable-python-bindings          &&
make &&
pip3 wheel -w dist --no-build-isolation --no-deps --no-cache-dir $PWD/python

This package does not come with a test suite.

Now, as the root user:

make install &&
pip3 install --no-index --find-links=dist --no-cache-dir --no-user pwquality

Command Explanations

--disable-python-bindings: This parameter disables building Python bindings with the deprecated python3 build command. The explicit instruction to build the Python 3 binding with the pip3 wheel command is provided.

Configuring libpwquality

libpwquality is intended to be a functional replacement for the now-obsolete PAM module. To configure the system to use the pam_pwquality module, execute the following commands as the root user:

mv /etc/pam.d/system-password{,.orig} &&
cat > /etc/pam.d/system-password << "EOF"
# Begin /etc/pam.d/system-password

# check new passwords for strength (man pam_pwquality)
password  required   authtok_type=UNIX retry=1 difok=1 \
                                         minlen=8 dcredit=0 ucredit=0 \
                                         lcredit=0 ocredit=0 minclass=1 \
                                         maxrepeat=0 maxsequence=0 \
                                         maxclassrepeat=0 gecoscheck=0 \
                                         dictcheck=1 usercheck=1 \
                                         enforcing=1 badwords="" \

# use yescrypt hash for encryption, use shadow, and try to use any
# previously defined authentication token (chosen password) set by any
# prior module.
password  required        yescrypt shadow try_first_pass

# End /etc/pam.d/system-password


Installed Programs: pwscore and pwmake
Installed Libraries: and
Installed Directories: /usr/lib/python3.11/site-packages/pwquality-1.4.5.dist-info

Short Descriptions


is a simple configurable tool for generating random and relatively easily pronounceable passwords


is a simple tool for checking quality of a password

contains API functions for checking the password quality

is a Linux PAM module used to perform password quality checking