Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Wednesday, February 9, 2022
 
 

mkpwdict(8)

Name

mkpwdict - maintain password-strength checking database

Synopsis

/usr/bin/mkpwdict [-s dict1,... ,dictN] [-l minwordlength]
     [-d destination-path]

Description

The mkpwdict command adds words to the dictionary-lookup database used by pam_authtok_check(7) and passwd(1).

Files containing words to be added to the database can be specified on the command-line using the –s flag.

These source files should have a single word per line. A word should contain only alphanumeric characters; case does not matter. All other characters are discarded. Words shorter than the specified minimum (see below) are skipped. The file /usr/share/lib/dict/words or another spell-checking dictionary can be used as a source file but needs to be processed so that it contains only words with minimum length, by specifying DICTIONMINWORDLENGTH in /etc/default/passwd or the –l option.

If –s is omitted, mkpwdict will use the value of DICTIONLIST specified in /etc/default/passwd (see passwd(1)).

If –l is omitted, mkpwdict will use the value of DICTIONMINWORDLENGTH specified in /etc/default/passwd (see passwd(1)).

The database is created in the directory specified by the –d option. If this option is omitted, mkpwdict uses the value of DICTIONDBDIR specified in /etc/default/passwd (see passwd(1)). The default location is /var/passwd.

Options

The following options are supported:

–s

Specifies a comma-separated list of files containing words to be added to the dictionary-lookup database.

–l

Specifies the minimum dictionary word length, in letters. Words shorter than the specified number will be omitted from the corresponding source file. This option takes a number greater or equal to 2.

–d

Specifies the target location of the dictionary-database.

Examples

Example 1 Using Two Spell-checking Dictionaries and Filtering Them to Contain Only Words not Shorter Than 3 Letters
example$ mkpwdict -s /path/to/dict1,/path/to/dict2 -l 3

This example processes dictionary /path/to/dict1 and skips words from it shorter than 3 letters. Then it processes dictionary /path/to/dict2 and skips words from it shorter than 3 letters. Finally these two dictionaries are merged and written to the default password dictionary location.

Files

/etc/default/passwd

See passwd(1).

/var/passwd

default destination directory

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os
Interface Stability
Committed

See Also

passwd(1), attributes(7), pam_authtok_check(7)

History

The –l option and DICTIONMINWORDLENGTH property were added in Oracle Solaris 11.1.17 and a Solaris 10 patch.

The mkpwdict command was added to Oracle Solaris in Solaris 10 3/05.