I would like to have a password policy inforced somehow ... pam is what I'm trying to use. I want to have a very elaborate policy later on, but for now I've been trying to do something simple.

Here is the simple policy:
1. password must contain at least 8 characters.
2. user can only retry 3 times
3. at least one of the characters must be a number.
4. at least one of the characters must be a lower case letter.

Here are the lines in /etc/pam.d/system-auth
The above policy isn't being enforced because I can always use "passwd" and change my password to an all lowercase 8 character string. For instance this password will pass the policy: zxcasdqw

I've shut down my server and rebooted and still I can change the password to all lowercase letters.

My system:
Fedora Core 2

RPMs installed:
pam-0.77-40
pam_smb-1.1.7-3.1
pam-devel-0.77-40
pam_krb5-2.0.10-1

While troubleshooting I put this in /etc/pam.d/passwd
... nothing seems to work. Any ideas?

-- Tony

OK, I figured out my problem.

I should be using a dcredit=-1 (rather than dcredit=1).

It seems that if I give a dcredit=1 .... then I've already given a credit of 1 digit BEFORE the password is even entered on the command line! The same goes for lcredit=1, ucredit=1, etc.

So ... If I have a minlen=8 lcredit=1 ucredit=1 ... then I can effectively type in a 6 character password and meet the minlen requirement! Holy Cow, Batman!

The proper entry should be:

--Tony

i am facing the same issues., i have given -1 for atleast one digit but still accepting everything as password...Is there any known version mismatch issues with PAM ?..

i am using RHEL 3.