Hide Forgot
Description of problem: passwd rpm depends on pam, which in turn depends on cracklib and cracklib-dicts. I do not want to dispute the need for strong passwords but sometimes this measure is not necessary. For example, containers are often without any passwords - regular users are not supposed to ever log in. Cracklib-dicts take a lot of space in container images. It would be great to have a way to install a minimal system without cracklib-dicts.
See also bug #865521 ("rfe: smaller cracklibs-dict for cloud images")
passwd links to libpam, so it will always depend on PAM. Whether pam, libpwquality, or whatever puts pam_pwquality into default PAM configs should depend on cracklib-dicts is up to whatever owns the default configuration. (I could imagine a RPM packaging where the user can choose between a PAM configuration which allows password login and requires cracklib-dicts, and a configuration where password login is universally prohibited and cracklib-dicts is unnecessary. But, honestly, my first instinct is to just close as WONTFIX; one of the supposed benefits of Docker images is inheritance. Sure, by naive accounting it adds 9M per a Docker image, but really that is only 9M per a Fedora base image shared across a big set of Docker images. That, more or less one cracklib-dicts instance per a major OS version should not hurt AT ALL.)
We might reconsider this for RHEL-8 and there are already some changes in this regard in Fedora. Changes of this kind are not elligible for RHEL-7.