
man pages section 8: System Administration Commands


Updated: Wednesday, February 9, 2022



mkpwdict - maintain password-strength checking database


/usr/bin/mkpwdict [-s dict1,... ,dictN] [-l minwordlength]
     [-d destination-path]


The mkpwdict command adds words to the dictionary-lookup database used by pam_authtok_check(7) and passwd(1).

Files containing words to be added to the database can be specified on the command line using the -s flag.

These source files should have a single word per line. A word should contain only alphanumeric characters; case does not matter. All other characters are discarded. Words shorter than the specified minimum (see below) are skipped. The file /usr/share/lib/dict/words or another spell-checking dictionary can be used as a source file, but it must be filtered so that it contains only words of at least the minimum length, by specifying DICTIONMINWORDLENGTH in /etc/default/passwd or the -l option.

If -s is omitted, mkpwdict will use the value of DICTIONLIST specified in /etc/default/passwd (see passwd(1)).

If -l is omitted, mkpwdict will use the value of DICTIONMINWORDLENGTH specified in /etc/default/passwd (see passwd(1)).

The database is created in the directory specified by the -d option. If this option is omitted, mkpwdict uses the value of DICTIONDBDIR specified in /etc/default/passwd (see passwd(1)). The default location is /var/passwd.


The following options are supported:


-s dict1,... ,dictN
Specifies a comma-separated list of files containing words to be added to the dictionary-lookup database.


-l minwordlength
Specifies the minimum dictionary word length, in letters. Words shorter than the specified number will be omitted from the corresponding source file. This option takes a number greater than or equal to 2.


-d destination-path
Specifies the target location of the dictionary database.


Example 1 Using Two Spell-checking Dictionaries and Filtering Them to Contain Only Words not Shorter Than 3 Letters
example$ mkpwdict -s /path/to/dict1,/path/to/dict2 -l 3

This example processes dictionary /path/to/dict1 and skips words from it shorter than 3 letters. Then it processes dictionary /path/to/dict2 and skips words from it shorter than 3 letters. Finally, these two dictionaries are merged and written to the default password dictionary location.
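
The source-file rules in the description (one word per line, alphanumeric characters only, case ignored, words below the minimum length skipped) can be previewed before a word list is handed to mkpwdict. The following shell functions are an added example, not part of the man page or of mkpwdict itself; the names preview_words and demo, the lower-casing and the de-duplication are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the man page): preview which words a source file
# would contribute under the rules in the description. Lower-casing and
# de-duplication are assumptions for readable output; the man page only
# says that case does not matter.

# preview_words MINLEN FILE...
# Prints the normalized, merged, de-duplicated words, one per line.
preview_words() {
    minlen=$1
    shift
    # The -l option takes a number greater than or equal to 2.
    case $minlen in
        ''|*[!0-9]*) echo "minlen must be a number" >&2; return 2 ;;
    esac
    if [ "$minlen" -lt 2 ]; then
        echo "minlen must be >= 2" >&2
        return 2
    fi
    # Keep one word per line: delete every byte that is not alphanumeric
    # or a newline (this also strips CR from DOS-style files), fold case,
    # skip words shorter than minlen, then merge the inputs.
    cat -- "$@" |
        LC_ALL=C tr -cd 'A-Za-z0-9\n' |
        LC_ALL=C tr 'A-Z' 'a-z' |
        awk -v minlen="$minlen" 'length($0) >= minlen' |
        LC_ALL=C sort -u
}

# Constructed sample input, written to a temporary directory so the
# example runs offline; dict1 and dict2 mirror the names used in Example 1.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Password\nab\ncan'\''t\nPASSWORD\nx\n' > "$dir/dict1"
    printf 'summer-2022\nqwerty\r\nto\n' > "$dir/dict2"
    preview_words 3 "$dir/dict1" "$dir/dict2"
    rm -rf "$dir"
}
```

Comparing the line count of the preview with that of the raw file shows how many entries the minimum length and character filtering remove before the list is passed to mkpwdict with -s and the same -l value.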



See passwd(1).


default destination directory


See attributes(7) for descriptions of the following attributes:

Interface Stability

See Also

passwd(1), attributes(7), pam_authtok_check(7)


The -l option and DICTIONMINWORDLENGTH property were added in Oracle Solaris 11.1.17 and a Solaris 10 patch.

The mkpwdict command was added to Oracle Solaris in Solaris 10 3/05.