passwordcheck_cracklib

使用cracklib加固PG用户密码

概览

扩展包名	版本	分类	许可证	语言
`passwordcheck_cracklib`	`3.1.0`	SEC	LGPL-2.1	C

ID	扩展名	Bin	Lib	Load	Create	Trust	Reloc	模式
7000	`passwordcheck_cracklib`	否	是	是	否	否	否	-

相关扩展	`pg_auth_mon` `credcheck` `pgaudit` `login_hook` `auth_delay` `set_user` `sepgsql`

版本

类型	仓库	版本	PG 大版本	包名	依赖
EXT	MIXED	`3.1.0`	1817161514	`passwordcheck_cracklib`	-
RPM	PGDG	`3.1.0`	1817161514	`passwordcheck_cracklib_$v`	-
DEB	PIGSTY	`3.1.0`	1817161514	`postgresql-$v-passwordcheck-cracklib`	-

OS / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PGDG 3.1.0 el8.x86_64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel8.x86_64.rpm PGDG · 3.1.0 · 12.3KiB	PGDG 3.1.0 el8.x86_64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel8.x86_64.rpm PGDG · 3.1.0 · 12.2KiB	PGDG 3.0.0 el8.x86_64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel8.1.x86_64.rpm PGDG · 3.0.0 · 11.9KiB	PGDG 3.0.0 el8.x86_64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel8.x86_64.rpm PGDG · 3.0.0 · 11.8KiB	PGDG 3.0.0 el8.x86_64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel8.x86_64.rpm PGDG · 3.0.0 · 11.8KiB passwordcheck_cracklib_14-2.0.0-1.rhel8.x86_64.rpm PGDG · 2.0.0 · 17.4KiB
el8.aarch64	PGDG 3.1.0 el8.aarch64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel8.aarch64.rpm PGDG · 3.1.0 · 12.3KiB	PGDG 3.1.0 el8.aarch64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel8.aarch64.rpm PGDG · 3.1.0 · 12.2KiB	PGDG 3.0.0 el8.aarch64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel8.1.aarch64.rpm PGDG · 3.0.0 · 11.9KiB	PGDG 3.0.0 el8.aarch64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel8.aarch64.rpm PGDG · 3.0.0 · 11.8KiB	PGDG 3.0.0 el8.aarch64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel8.aarch64.rpm PGDG · 3.0.0 · 11.8KiB
el9.x86_64	PGDG 3.1.0 el9.x86_64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel9.x86_64.rpm PGDG · 3.1.0 · 11.7KiB	PGDG 3.1.0 el9.x86_64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel9.x86_64.rpm PGDG · 3.1.0 · 11.6KiB	PGDG 3.0.0 el9.x86_64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel9.1.x86_64.rpm PGDG · 3.0.0 · 11.2KiB	PGDG 3.0.0 el9.x86_64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel9.x86_64.rpm PGDG · 3.0.0 · 11.1KiB	PGDG 3.0.0 el9.x86_64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel9.x86_64.rpm PGDG · 3.0.0 · 11.1KiB passwordcheck_cracklib_14-2.0.0-1.rhel9.x86_64.rpm PGDG · 2.0.0 · 16.7KiB
el9.aarch64	PGDG 3.1.0 el9.aarch64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel9.aarch64.rpm PGDG · 3.1.0 · 11.4KiB	PGDG 3.1.0 el9.aarch64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-2PGDG.rhel9.aarch64.rpm PGDG · 3.1.0 · 11.4KiB	PGDG 3.0.0 el9.aarch64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.0.0-1.rhel9.1.aarch64.rpm PGDG · 3.0.0 · 10.9KiB	PGDG 3.0.0 el9.aarch64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.0.0-1.rhel9.aarch64.rpm PGDG · 3.0.0 · 10.8KiB	PGDG 3.0.0 el9.aarch64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.0.0-1.rhel9.aarch64.rpm PGDG · 3.0.0 · 10.8KiB
el10.x86_64	PGDG 3.1.0 el10.x86_64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.x86_64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.1.0-3PGDG.rhel10.x86_64.rpm PGDG · 3.1.0 · 12.1KiB
el10.aarch64	PGDG 3.1.0 el10.aarch64.pg18 : passwordcheck_cracklib_18 passwordcheck_cracklib_18-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg17 : passwordcheck_cracklib_17 passwordcheck_cracklib_17-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg16 : passwordcheck_cracklib_16 passwordcheck_cracklib_16-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg15 : passwordcheck_cracklib_15 passwordcheck_cracklib_15-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB	PGDG 3.1.0 el10.aarch64.pg14 : passwordcheck_cracklib_14 passwordcheck_cracklib_14-3.1.0-3PGDG.rhel10.aarch64.rpm PGDG · 3.1.0 · 12.1KiB
d12.x86_64	PIGSTY 3.1.0 d12.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.6KiB	PIGSTY 3.1.0 d12.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d12.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d12.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d12.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_amd64.deb PIGSTY · 3.1.0 · 17.6KiB
d12.aarch64	PIGSTY 3.1.0 d12.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d12.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB	PIGSTY 3.1.0 d12.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB	PIGSTY 3.1.0 d12.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB	PIGSTY 3.1.0 d12.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~bookworm_arm64.deb PIGSTY · 3.1.0 · 17.7KiB
d13.x86_64	PIGSTY 3.1.0 d13.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.6KiB	PIGSTY 3.1.0 d13.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d13.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d13.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.5KiB	PIGSTY 3.1.0 d13.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_amd64.deb PIGSTY · 3.1.0 · 17.6KiB
d13.aarch64	PIGSTY 3.1.0 d13.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB	PIGSTY 3.1.0 d13.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~trixie_arm64.deb PIGSTY · 3.1.0 · 17.8KiB
u22.x86_64	PIGSTY 3.1.0 u22.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u22.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u22.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u22.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u22.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_amd64.deb PIGSTY · 3.1.0 · 18.6KiB
u22.aarch64	PIGSTY 3.1.0 u22.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.1KiB	PIGSTY 3.1.0 u22.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u22.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u22.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u22.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~jammy_arm64.deb PIGSTY · 3.1.0 · 18.3KiB
u24.x86_64	PIGSTY 3.1.0 u24.x86_64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.6KiB	PIGSTY 3.1.0 u24.x86_64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u24.x86_64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u24.x86_64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.5KiB	PIGSTY 3.1.0 u24.x86_64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_amd64.deb PIGSTY · 3.1.0 · 18.6KiB
u24.aarch64	PIGSTY 3.1.0 u24.aarch64.pg18 : postgresql-18-passwordcheck-cracklib postgresql-18-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.3KiB	PIGSTY 3.1.0 u24.aarch64.pg17 : postgresql-17-passwordcheck-cracklib postgresql-17-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u24.aarch64.pg16 : postgresql-16-passwordcheck-cracklib postgresql-16-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.3KiB	PIGSTY 3.1.0 u24.aarch64.pg15 : postgresql-15-passwordcheck-cracklib postgresql-15-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.2KiB	PIGSTY 3.1.0 u24.aarch64.pg14 : postgresql-14-passwordcheck-cracklib postgresql-14-passwordcheck-cracklib_3.1.0-2PIGSTY~noble_arm64.deb PIGSTY · 3.1.0 · 18.3KiB

构建

您可以使用 pig build 命令构建 passwordcheck_cracklib 扩展的 DEB 包：

pig build pkg passwordcheck_cracklib         # 构建 DEB 包

安装

您可以直接安装 passwordcheck_cracklib 扩展包的预置二进制包，首先确保 PGDG 和 PIGSTY 仓库已经添加并启用：

pig repo add pgsql -u          # 添加仓库并更新缓存

使用 pig 或者是 apt/yum/dnf 安装扩展：

pig install passwordcheck_cracklib;          # 当前活跃 PG 版本安装

pig ext install -y passwordcheck_cracklib -v 18  # PG 18
pig ext install -y passwordcheck_cracklib -v 17  # PG 17
pig ext install -y passwordcheck_cracklib -v 16  # PG 16
pig ext install -y passwordcheck_cracklib -v 15  # PG 15
pig ext install -y passwordcheck_cracklib -v 14  # PG 14

dnf install -y passwordcheck_cracklib_18       # PG 18
dnf install -y passwordcheck_cracklib_17       # PG 17
dnf install -y passwordcheck_cracklib_16       # PG 16
dnf install -y passwordcheck_cracklib_15       # PG 15
dnf install -y passwordcheck_cracklib_14       # PG 14

apt install -y postgresql-18-passwordcheck-cracklib   # PG 18
apt install -y postgresql-17-passwordcheck-cracklib   # PG 17
apt install -y postgresql-16-passwordcheck-cracklib   # PG 16
apt install -y postgresql-15-passwordcheck-cracklib   # PG 15
apt install -y postgresql-14-passwordcheck-cracklib   # PG 14

预加载配置：

shared_preload_libraries = '$libdir/passwordcheck_cracklib';

用法

passwordcheck_cracklib: 使用 cracklib 加强 PostgreSQL 用户密码检查

passwordcheck_cracklib 类似于标准 PostgreSQL passwordcheck 模块，但使用 cracklib 进行更严格的密码检查。每当通过 CREATE ROLE 或 ALTER ROLE 设置密码时检查用户密码。如果密码被认为太弱，将被拒绝并以错误终止命令。

配置

在 postgresql.conf 中添加到 shared_preload_libraries：

shared_preload_libraries = '$libdir/passwordcheck_cracklib'

重启 PostgreSQL 以生效。

工作原理

加载后，任何设置密码的 CREATE ROLE 或 ALTER ROLE 命令都会根据 cracklib 字典检查密码。弱密码或容易猜到的密码将被自动拒绝。

-- 如果密码太弱将被拒绝
CREATE ROLE myuser WITH LOGIN PASSWORD 'password123';
-- ERROR: password is easily cracked

-- 强密码将被接受
CREATE ROLE myuser WITH LOGIN PASSWORD 'X9#kLm$vQ2!pR7';

无需 CREATE EXTENSION —— 这仅是一个共享库模块。

意见反馈

这个页面对您有帮助吗？

感谢反馈！请告诉我们如何改进。

抱歉给您带来不便。请告诉我们如何改进。

最后修改 2026-03-14: update extension metadata (953cbd0)