I use "chage -d0 userid" to force the user to change the password , Now , when the user change the password , if the user input the new password not meet the policy , then there is a message will pop to the screen , but this message seems is a warning only , the user still can change the password , if I want the user can only change the new password that must meet the policy , what can i do ? thx
the below is the system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok try_first_pass md5 sh
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so