I'm messing with RH9.0 - trying to understand the options (ucredit, dcredit etc) that you can give pam_cracklib but am having mixed success.
I've altered the passwd config file in /etc/pam.d to:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so \
debug difok=2 dcredit=-1 ucredit=-1 ocredit=0 minlen=8 retry=3 type=PBSOK
password sufficient /lib/security/$ISA/pam_pwdb.so nullok use_authtok md5
password required /lib/security/$ISA/pam_deny.so
When I changed the password of a user (not root) I expected PAM to insist on a minimum length of 8 and a password containing 1 upper case and 1 digit. The minimum length seems to be checked but not the other stuff.
I've read through The Linux-PAM Admin Guide but am still stumped.
Any bright ideas - am willing to RTFM if pointed to the right manuals