pam_cracklib can be used to set system policies regarding password strength in
various ways (complexity of password, dis-similarity of password to old passwds,
Unfortunately, pam_cracklib is used only in system-auth, which is generated by
authconfig. As an admin, I can set up system policies in system-auth, but the
next time authconfig is run those modifications will be lost.
Moving pam_cracklib to a non-autogenerated configuration file will allow
administrators to actually configure system policies....
I notice that there's a similar bug requesting that some policy information be
added to authconfig. That might be another solution, but it would probably wind
up being less flexible (that request only wanted passwd length stuff, for
Any chance of (ab)using the /etc/libuser.conf file to do this sort of thing?
This works well with current authconfig package. It preserves all
options of pam_cracklib.so when rewriting system-auth file.