Description of problem:

The GUI user/group manager tool does not check password quality, as
/usr/bin/passwd does.

For example, if you put in the password '12345', r-c-users will kick it back as
too short; however '123456' will go through just fine.

Since this has been around for a while (at least since 7.2 that I can test
here), I hesitate to call it a security issue, although it is one.

So, to increase the security of this product (which is probably usually used by
the less skilled systems administrators, who need all the help/support we can
give them to do things the Right Way) - can you make r-c-users check passwords
against the usual bevy of suspects, e.g. cracklib.

Version-Release number of selected component (if applicable):
redhat-config-users-1.1.1-2


How reproducible:
Always (tested in AS 2.1 and RHL 8.0, both with latest errata updates)

Steps to Reproduce:
1. Open redhat-config-users
2. Click New User, fill out fields
3. Attempt to use an insecure password of the proper length (6 characters), e.g.
123456, abcdef, dictionary, redhat, <username>, etc.

Actual results:
Program says nothing about the quality of the password, and accepts the insecure
password

Expected results:
Desired result is to have r-c-users come back when a password is "bad", explain
why (dictionary word, same as username, etc.), suggest that a better password be
used.  Basically follow the formula setup by /usr/bin/passwd -- root can set
insecure passwords, but it root is reminded/warned about the risk.

Additional info: