Bug 129981 - Gentoo Security Handbook - PAM configuration
Status: RESOLVED FIXED
Alias: None
Product: [OLD] Docs on www.gentoo.org
Classification: Unclassified
Component: Other documents
Hardware: All Linux
Importance: High major
Assignee: Docs Team
Reported: 2006-04-14 12:57 UTC by Daniele Bianco
Modified: 2006-08-04 03:20 UTC
Description Daniele Bianco 2006-04-14 12:57:29 UTC
From Gentoo security handbook Chapter 7 (PAM)
http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=7

--
Code Listing 2: /etc/pam.d/passwd

auth     required pam_unix.so shadow nullok
account  required pam_unix.so
password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=2 ocredit=2
password required pam_unix.so md5 use_authtok
session  required pam_unix.so

This will add the cracklib which will ensure that the user passwords are at least 8 characters and contain a minimum of 2 digits, 2 other characters, and are more than 3 characters different from the last password. This forces the user to choose a good password (password policy). Check the PAM documentation for more options.
--

This is not true *syntax of pam is really strange*, because this example Code will add the cracklib which will ensure that the user passwords are at least 8 characters with extra credit of 2 for digits and 2 for others. The result is that a 6-character passwd with letters and numbers can be considered good!

The correct configuration, in order to do what the comment says, is:

password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=-2 ocredit=-2
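
Added example, not part of the original report and not pam_cracklib's own code: a simplified Python model of the minlen/credit rule, run against the handbook listing and the corrected line. The function names and sample passwords are constructed for illustration, ucredit and lcredit are assumed to be 0 to isolate the two options discussed, and the dictionary, difok and retry checks are not modelled.

```python
import string

def classify(pw):
    """Count characters per class: d(igit), u(pper), l(ower), o(ther)."""
    counts = {"d": 0, "u": 0, "l": 0, "o": 0}
    for ch in pw:
        if ch in string.digits:
            counts["d"] += 1
        elif ch in string.ascii_uppercase:
            counts["u"] += 1
        elif ch in string.ascii_lowercase:
            counts["l"] += 1
        else:
            counts["o"] += 1
    return counts

def passes_credit_check(pw, minlen, dcredit=0, ucredit=0, lcredit=0, ocredit=0):
    """Model of the minlen/credit rule only (no dictionary or difok checks).

    credit >= 0: each character of that class, up to `credit`, lowers the
                 length required by one.
    credit <  0: at least abs(credit) characters of that class are required
                 and no length bonus is given.
    ucredit/lcredit default to 0 here as an assumption, to isolate the two
    options the report discusses.
    """
    counts = classify(pw)
    needed = minlen
    for cls, credit in (("d", dcredit), ("u", ucredit),
                        ("l", lcredit), ("o", ocredit)):
        if credit >= 0:
            needed -= min(counts[cls], credit)
        elif counts[cls] < -credit:
            return False
    return len(pw) >= needed

HANDBOOK = dict(minlen=8, dcredit=2, ocredit=2)    # original listing
CORRECTED = dict(minlen=8, dcredit=-2, ocredit=-2)  # line proposed in the report

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for pw in ("abcd12", "abcdefgh", "a12#!", "abcd12#!"):
        print(f"{pw!r:12} handbook={passes_credit_check(pw, **HANDBOOK)} "
              f"corrected={passes_credit_check(pw, **CORRECTED)}")
```

With positive credits a password containing no digits at all still passes once it reaches minlen, so the handbook listing never enforces a character-class minimum.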
Comment 1 Łukasz Damentko (RETIRED) gentoo-dev 2006-08-04 03:20:22 UTC
Fixed in CVS. Thanks for reporting.