Description of problem: libpwquality supports providing custom configuration as separate .conf files under /etc/security/pwquality.conf.d which is great. However, unlike with many other packages (for instance openssh) libpwquality does not override /etc/security/pwquality.conf settings with settings read from .conf files. This makes it harder than with other tools to ensure the wanted settings are in use which with other tools is a simple matter of copying something like zzz-local.conf in place, now with libpwquality the main configuration file also needs to be touched. It would also be consistent and more similar with other tools if .conf files would take precedence over the main configuration file. This change is probably too late for RHEL 8 but I'm filing this BZ against it to have the situation documented here and if possible to change in a later RHEL release this BZ can be cloned. Thanks. Version-Release number of selected component (if applicable): libpwquality-1.4.4-3.el8
This bug should go to upstream first, I think? Sorry, it will definitely not go to RHEL 8 series but may be considered for RHEL 9.
Thanks for looking into this. > This bug should go to upstream first, I think? Yes, that would be good. > Sorry, it will definitely not go to RHEL 8 series but may be considered for RHEL 9. Sure, no worries. I think for RHEL 9 doing this before 9.0 would be much better than after that, if even possible then. Thanks.
So would you mind to report this issue upstream?
I've now filed an upstream issue at https://github.com/libpwquality/libpwquality/issues/60 after verifying this is also the behavior on latest Fedora 35.
Looks like no interest either here or upstream, so closing