password_pwncheck

Enterprise Password Quality Checking using any hash data sources (HaveIBeenPwned lists, et al)

The purpose of this project is to help companies maintain a stronger password policy without having to jump through too many hoops. Currently, we support NIST 800-63B features such as testing the password against a long minimum length (default of 15), not matching prev ious passwords (or similar entries), and most important- the password can't belong to a breach list.

The project consists of two parts:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Installation

This code is very fresh- it is functional and has been tested to work, but the installation and configuration will require some level of knowledge of configuring variable values in scripts and know-how on how Kerberos/PAM/AD perform password change management. This is mainly because I make no claims that I am a technical writer, so I may be covering configuration in broad strokes...

(Under Construction)

Password Server

AD Password filter DLL

Kerberos filter Shared Object

PAM Password filter Shared Object