Maybe I can briefly clarify some things about pam_passwdqc(8):
First, it sounds like you understand most of the
min=N0,N1,N2,N3,N4 directives. FYI, passphrases refer to a series of space-delimited words. This is a passphrase:
Code:
tokyo giraffe shell smiling
You can control passphrase length (by specifying
N2 above), passphrase # of word requirements (by using
passphrase=N), or turn them off entirely (by using
passphrase=0).
As for the
random option, check this dialog:
Code:
You can now choose the new password or passphrase.
A valid password should be a mix of upper and lower case letters,
digits, and other characters. You can use a 12 character long
password with characters from at least 3 of these 4 classes, or
a 9 character long password containing characters from all the
classes. An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.
A passphrase should be of at least 3 words, 20 to 40 characters
long and contain enough different characters.
Alternatively, if noone else can see your terminal now, you can
pick this as your password: "miff!jagno_tuscany".
Enter new password:
No matter what your password requirements are, they can all be superseded in the case above if the user simply selects "miff!jagno_tuscany". By specifying
random=0 you will disable that feature entirely.