Hide Forgot
Please try to make cracklib-dicts optional. We are trying to minimize the base container image size and cracklib-dicts is huge (9.5MB). An option would be to make it a "Recommends".
See https://bugzilla.redhat.com/show_bug.cgi?id=1323172#c4
How is the dictionary optional? With this default PAM configuration: password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= an user cannot change his password because it complains on missing dictionary: $ passwd Changing password for user test. Changing password for test. Current password: New password: /usr/share/cracklib/pw_dict.pwd.gz: No such file or directory BAD PASSWORD: The password fails the dictionary check - error loading dictionary New password: Similar issue is with perl-Crypt-Cracklib that also fails with default configuration. I wanted to fix perl-Crypt-Crackli by hard-requiring the cracklib-dicts. But since pam_pwquality.so suffers from the same issue, I must ask whether the dictionary is really option.
libpwquality and pam_pwquality allows you to switch off the dictionary check completely. It's just an option in pwquality.conf, use 'dictcheck=0' It is not optional in default configuration however I cannot see how to implement this differently.