passwordcheck_cracklib

Strengthen PostgreSQL user password checks with cracklib

Overview

Package	Version	Category	License	Language
`passwordcheck_cracklib`	`3.1.0`	SEC	LGPL-2.1	C

ID	Extension	Bin	Lib	Load	Create	Trust	Reloc	Schema
7000	`passwordcheck_cracklib`	No	Yes	Yes	No	No	No	-

Related	`pg_auth_mon` `credcheck` `pgaudit` `login_hook` `auth_delay` `set_user` `sepgsql`

Version

Type	Repo	Version	PG Ver	Package	Deps
EXT	MIXED	`3.1.0`	1817161514	`passwordcheck_cracklib`	-
RPM	PGDG	`3.1.0`	1817161514	`passwordcheck_cracklib_$v`	-
DEB	PIGSTY	`3.1.0`	1817161514	`postgresql-$v-passwordcheck-cracklib`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PGDG 3.1.0 el8.x86_64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel8.x86_64.rpm PGDG · 3.1.0 · 12.3KiB	PGDG 3.1.0 el8.x86_64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel8.x86_64.rpm PGDG · 3.1.0 · 12.2KiB	PGDG 3.0.0 el8.x86_64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel8.1.x86_64.rpm PGDG · 3.0.0 · 11.9KiB	PGDG 3.0.0 el8.x86_64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel8.x86_64.rpm PGDG · 3.0.0 · 11.8KiB	PGDG 3.0.0 el8.x86_64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel8.x86_64.rpm PGDG · 3.0.0 · 11.8KiB passwordcheck_cracklib_14-2.0.0-1.rhel8.x86_64.rpm PGDG · 2.0.0 · 17.4KiB
el8.aarch64	PGDG 3.1.0 el8.aarch64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel8.aarch64.rpm PGDG · 3.1.0 · 12.3KiB	PGDG 3.1.0 el8.aarch64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel8.aarch64.rpm PGDG · 3.1.0 · 12.2KiB	PGDG 3.0.0 el8.aarch64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel8.1.aarch64.rpm PGDG · 3.0.0 · 11.9KiB	PGDG 3.0.0 el8.aarch64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel8.aarch64.rpm PGDG · 3.0.0 · 11.8KiB	PGDG 3.0.0 el8.aarch64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel8.aarch64.rpm PGDG · 3.0.0 · 11.8KiB
el9.x86_64	PGDG 3.1.0 el9.x86_64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel9.x86_64.rpm PGDG · 3.1.0 · 11.7KiB	PGDG 3.1.0 el9.x86_64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel9.x86_64.rpm PGDG · 3.1.0 · 11.6KiB	PGDG 3.0.0 el9.x86_64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel9.1.x86_64.rpm PGDG · 3.0.0 · 11.2KiB	PGDG 3.0.0 el9.x86_64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel9.x86_64.rpm PGDG · 3.0.0 · 11.1KiB	PGDG 3.0.0 el9.x86_64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel9.x86_64.rpm PGDG · 3.0.0 · 11.1KiB passwordcheck_cracklib_14-2.0.0-1.rhel9.x86_64.rpm PGDG · 2.0.0 · 16.7KiB
el9.aarch64	PGDG 3.1.0 el9.aarch64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel9.aarch64.rpm PGDG · 3.1.0 · 11.4KiB	PGDG 3.1.0 el9.aarch64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel9.aarch64.rpm PGDG · 3.1.0 · 11.4KiB	PGDG 3.0.0 el9.aarch64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel9.1.aarch64.rpm PGDG · 3.0.0 · 10.9KiB	PGDG 3.0.0 el9.aarch64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel9.aarch64.rpm PGDG · 3.0.0 · 10.8KiB	PGDG 3.0.0 el9.aarch64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel9.aarch64.rpm PGDG · 3.0.0 · 10.8KiB
el10.x86_64	PGDG 3.1.0 el10.x86_64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB
el10.aarch64	PGDG 3.1.0 el10.aarch64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB
d12.x86_64	PIGSTY 3.1.0 d12.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.6KiB	PIGSTY 3.1.0 d12.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d12.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d12.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d12.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.6KiB
d12.aarch64	PIGSTY 3.1.0 d12.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d12.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB	PIGSTY 3.1.0 d12.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB	PIGSTY 3.1.0 d12.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB	PIGSTY 3.1.0 d12.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB
d13.x86_64	PIGSTY 3.1.0 d13.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.6KiB	PIGSTY 3.1.0 d13.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d13.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d13.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d13.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.6KiB
d13.aarch64	PIGSTY 3.1.0 d13.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB
u22.x86_64	PIGSTY 3.1.0 u22.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u22.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u22.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u22.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u22.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB
u22.aarch64	PIGSTY 3.1.0 u22.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.1KiB	PIGSTY 3.1.0 u22.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u22.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u22.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u22.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.3KiB
u24.x86_64	PIGSTY 3.1.0 u24.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u24.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u24.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u24.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u24.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.6KiB
u24.aarch64	PIGSTY 3.1.0 u24.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.3KiB	PIGSTY 3.1.0 u24.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u24.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.3KiB	PIGSTY 3.1.0 u24.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u24.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.3KiB

Build

You can build the DEB packages for passwordcheck_cracklib using pig build:

pig build pkg passwordcheck_cracklib         # build DEB packages

Install

You can install passwordcheck_cracklib directly. First, make sure the PGDG and PIGSTY repositories are added and enabled:

pig repo add pgsql -u          # Add repo and update cache

Install the extension using pig or apt/yum/dnf:

pig install passwordcheck_cracklib;          # Install for current active PG version

pig ext install -y passwordcheck_cracklib -v 18  # PG 18
pig ext install -y passwordcheck_cracklib -v 17  # PG 17
pig ext install -y passwordcheck_cracklib -v 16  # PG 16
pig ext install -y passwordcheck_cracklib -v 15  # PG 15
pig ext install -y passwordcheck_cracklib -v 14  # PG 14

dnf install -y passwordcheck_cracklib_18       # PG 18
dnf install -y passwordcheck_cracklib_17       # PG 17
dnf install -y passwordcheck_cracklib_16       # PG 16
dnf install -y passwordcheck_cracklib_15       # PG 15
dnf install -y passwordcheck_cracklib_14       # PG 14

apt install -y postgresql-18-passwordcheck-cracklib   # PG 18
apt install -y postgresql-17-passwordcheck-cracklib   # PG 17
apt install -y postgresql-16-passwordcheck-cracklib   # PG 16
apt install -y postgresql-15-passwordcheck-cracklib   # PG 15
apt install -y postgresql-14-passwordcheck-cracklib   # PG 14

Preload:

shared_preload_libraries = '$libdir/passwordcheck_cracklib';

Usage

passwordcheck_cracklib: Strengthen PostgreSQL user password checks with cracklib

passwordcheck_cracklib is like the regular PostgreSQL passwordcheck module, except it is built with cracklib for more strict password checks. It checks users’ passwords whenever they are set with CREATE ROLE or ALTER ROLE. If a password is considered too weak, it will be rejected and the command will terminate with an error.

Configuration

Add the library to shared_preload_libraries in postgresql.conf:

shared_preload_libraries = '$libdir/passwordcheck_cracklib'

Restart PostgreSQL to activate.

How It Works

Once loaded, any CREATE ROLE or ALTER ROLE command that sets a password will have the password checked against cracklib’s dictionary. Weak or easily guessable passwords will be rejected automatically.

-- This will be rejected if the password is too weak
CREATE ROLE myuser WITH LOGIN PASSWORD 'password123';
-- ERROR: password is easily cracked

-- A strong password will be accepted
CREATE ROLE myuser WITH LOGIN PASSWORD 'X9#kLm$vQ2!pR7';

No CREATE EXTENSION is required – this is a shared library module only.

Feedback

Was this page helpful?

Thanks for the feedback! Please let us know how we can improve.

Sorry to hear that. Please let us know how we can improve.

Last Modified 2026-03-12: add pg extension catalog (95749bf)