Description of problem: I'm working with a client who is trying to force users to include a numeric character in their passwords. In my testing I've tried the following cracklib options to force a numeric character: dcredit=1 ucredit=0 lcredit=0 ocredit=0 and minlen=1 dcredit=1 ucredit=0 lcredit=0 ocredit=0 and minlen=8 dcredit=1 ucredit=0 lcredit=0 ocredit=0 and minlen=9 dcredit=-1 ucredit=0 ocredit=0 lcredit=0 minlen=8 dcredit=-1 ucredit=0 ocredit=0 lcredit=0 dcredit=-1 ocredit=-1 None of these appear to work as expected on my system. From searching around it appears that this is somewhat of a known issue, and there is a patch available which addresses this problem. Would it be possible to get this patch incorporated into an errata? Please see the following URL for information regarding the patch mentioned above: http://www.puschitz.com/Security.shtml See the section entitled "Setting Up Password Restrictions and Other Restrictions" from the above link. Version-Release number of selected component (if applicable): cracklib-2.7-12, cracklib-dicts-2.7-12 How reproducible: Always Steps to Reproduce: 1.add dcredit option(s) to system-auth, cracklib password line 2.login as user 3.change password Actual Results: user is not required to use a numeric value in password Expected Results: user should be forced to enter a numeric character in password Additional info: