Hi
I have configured PAM for password complexity. When I changed my password as a normal user the system asks for a complex password otherwise it doesn’t accept at all. But if I reset password for any user with simple or short password (i.e. single char) as root it will accept.

Here does it mean PAM rules can be overcome by root or it will not work under root credentials?

My system-auth conf:
password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=3

OS: RHEL 5.8

Thanks
Vega

You can read the module details here http://linux-pam.org/Linux-PAM-html/..._cracklib.html but I believe that root can bypass it for 2 reasons

1. root is ${deity} anyway, so he could always set the entry in /etc/shadow some other way
2. there may be restrictions on some acct(s) to use/re-use a given passwd ...