The passwordpolicy module is like the regular PostgreSQL passwordcheck extension, except that it is built with cracklib and has some configuration options. Unlike the original module, this one applies stricter password checks. The passwordpolicy module checks users' passwords whenever they are set with CREATE ROLE or ALTER ROLE. If a password is considered too weak, it is rejected and the command terminates with an error.

Installing by compiling source code



# add postgres repo
add-apt-repository 'deb xenial-pgdg main'
wget --quiet -O - | sudo apt-key add -

# install postgres
apt-get -y update
apt-get -y install postgresql postgresql-contrib libpq-dev postgresql-server-dev-all

# install build requirements
apt-get -y install make build-essential

# install cracklib
apt-get -y install libpam-cracklib libcrack2-dev


yum -y install openssl-devel

# add postgres repo
rpm -Uvh

# install postgres
yum -y install postgresql10-server postgresql10-libs postgresql10-devel postgresql10-contrib

# install cracklib
yum -y install cracklib cracklib-devel cracklib-dicts words

# create dictionary
mkdict /usr/share/dict/* | packer /usr/lib/cracklib_dict

# initialize database
/usr/pgsql-10/bin/postgresql-10-setup initdb

To build it, just do this:

make install

If you encounter an error such as:

make: pg_config: Command not found

Be sure that you have pg_config installed and in your path. If you used a package management system such as RPM to install PostgreSQL, be sure that the -devel package is also installed. If necessary, tell the build process where to find it: edit the Makefile and change the PG_CONFIG variable:


followed by the

make install

pg_config is usually under /usr/pgsql-10/bin/pg_config on RHEL/CentOS/Fedora. Replace 10 with your major PostgreSQL version.

Alternatively the following will work too:

PATH="/usr/pgsql-10/bin:$PATH" make
sudo PATH="/usr/pgsql-10/bin:$PATH" make install
PATH="/usr/pgsql-10/bin:$PATH" make installcheck

Using the module

To enable this module, add '$libdir/passwordpolicy' to shared_preload_libraries in postgresql.conf, then restart the server.


Configure the passwordpolicy plugin in postgresql.conf.

p_policy.min_password_len = 8       # Set minimum password length
p_policy.min_special_chars = 2      # Set minimum number of special characters
p_policy.min_numbers = 2            # Set minimum number of numeric characters
p_policy.min_uppercase_letter = 2   # Set minimum number of upper case letters
p_policy.min_lowercase_letter = 2   # Set minimum number of lower case letters
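The two configuration steps above only take effect together: PostgreSQL accepts p_policy.* lines as inert placeholders when the library is not preloaded. The following audit check is an added example, not part of the passwordpolicy project; the function names, the baseline values (copied from the settings above) and the sample file are assumptions made for illustration.

```python
import re

# Baseline to enforce; these numbers are the example values shown on this page.
BASELINE = {
    "p_policy.min_password_len": 8,
    "p_policy.min_special_chars": 2,
    "p_policy.min_numbers": 2,
    "p_policy.min_uppercase_letter": 2,
    "p_policy.min_lowercase_letter": 2,
}
SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\s*=\s*|\s+)('(?:[^']|'')*'|[^\s#]+)")

def parse_conf(text):
    """Return {name: value} from 'name = value' lines; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)  # comment lines start with '#' and never match
        if m:
            v = m.group(2)
            settings[m.group(1).lower()] = v[1:-1].replace("''", "'") if v[0] == "'" else v
    return settings

def audit(text):
    """Return a list of findings; empty means the module is loaded and meets BASELINE."""
    conf = parse_conf(text)
    findings = []
    libs = conf.get("shared_preload_libraries", "").split(",")
    if not any(lib.strip().rsplit("/", 1)[-1] == "passwordpolicy" for lib in libs):
        # Without the library loaded, p_policy.* are inert placeholder settings.
        findings.append("passwordpolicy is not in shared_preload_libraries")
    for name, minimum in BASELINE.items():
        value = conf.get(name, "")
        if not value.isdecimal() or int(value) < minimum:
            findings.append(f"{name} = {value!r}, expected an integer >= {minimum}")
    return findings

# Constructed sample: thresholds are set, but the preload line is commented out.
SAMPLE = """
#shared_preload_libraries = '$libdir/passwordpolicy'
p_policy.min_password_len = 6       # too short for the baseline
p_policy.min_special_chars = 2
p_policy.min_numbers = 2
p_policy.min_uppercase_letter = 2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The check reads a single file body; it does not follow include directives or settings written by ALTER SYSTEM to postgresql.auto.conf.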


Using vagrant:

vagrant up
vagrant provision --provision-with install

More information

For more details, please read the manual of the original module:


Bug reports and pull requests are welcome on GitHub at passwordpolicy repository. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.



The project is available as open source under the terms of the MIT License.