From Gentoo security handbook Chapter 7 (PAM) http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=7 -- Code Listing 2: /etc/pam.d/passwd auth required pam_unix.so shadow nullok account required pam_unix.so password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=2 ocredit=2 password required pam_unix.so md5 use_authtok session required pam_unix.so This will add the cracklib which will ensure that the user passwords are at least 8 characters and contain a minimum of 2 digits, 2 other characters, and are more than 3 characters different from the last password. This forces the user to choose a good password (password policy). Check the PAM documentation for more options. -- This is not true *syntax of pam is really strange*, because this example Code will add the cracklib wich will ensure that the user passwords are at least 8 charaters with extra credit of 2 for digits and 2 for others. The result is that a 6 characters passwd with letters and numbers can be considered good! The correct configuration in order to make what the comment says, is: password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=-2 ocredit=-2
Fixed in CVS. Thanks for reporting.