
Secure Server Build

PAM configuration

To configure pam_cracklib to require at least one uppercase character, lowercase character, digit, and other (special) character, locate the following line in /etc/pam.d/system-auth:

password requisite pam_cracklib.so try_first_pass retry=3

and then alter it to read (placing the text on one line, which is not possible here):

password required pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1

To activate pam_passwdqc, locate the following line in /etc/pam.d/system-auth:

password requisite pam_cracklib.so try_first_pass retry=3

and then replace it with the line:

password requisite pam_passwdqc.so min=disabled,disabled,16,12,8

To enforce password lockout, add the following line at the top of the auth lines:

auth required pam_tally2.so deny=5 onerr=fail
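
To check that a PAM stack file actually carries the settings above, the following audit script can be run against it. It is an added example, not part of the original page; the function names audit_pam and pam_opt and the sample stack are assumptions made for illustration, and the thresholds are the values used on this page.

```shell
#!/bin/sh
# Added example: audit a PAM stack file for the settings on this page.
# Print the value of option $2 (key=value) found on PAM line $1.
pam_opt() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}
# audit_pam FILE: prints one FAIL line per finding, returns 0 only if clean.
audit_pam() {
    file=$1; rc=0
    # Lockout: pam_tally2 must be the first active (uncommented) auth line.
    first_auth=$(awk '$1 == "auth" {print; exit}' "$file")
    case $first_auth in
        *pam_tally2.so*)
            deny=$(pam_opt "$first_auth" deny)
            case $deny in ''|*[!0-9]*) deny=0 ;; esac   # unset or non-numeric
            [ "$deny" -ge 1 ] && [ "$deny" -le 5 ] ||
                { echo "FAIL: pam_tally2 deny is not in 1..5 (page uses 5)"; rc=1; } ;;
        *) echo "FAIL: pam_tally2.so is not the first auth line"; rc=1 ;;
    esac
    # Password quality: either pam_cracklib (with all credits) or pam_passwdqc.
    crack=$(awk '$1 == "password" && /pam_cracklib\.so/ {print; exit}' "$file")
    qc=$(awk '$1 == "password" && /pam_passwdqc\.so/ {print; exit}' "$file")
    if [ -n "$crack" ]; then
        minlen=$(pam_opt "$crack" minlen)
        case $minlen in ''|*[!0-9]*) minlen=0 ;; esac
        [ "$minlen" -ge 14 ] || { echo "FAIL: cracklib minlen below 14"; rc=1; }
        for c in dcredit ucredit ocredit lcredit; do
            case $(pam_opt "$crack" "$c") in
                -[1-9]*) ;;   # negative credit = that many characters required
                *) echo "FAIL: $c does not require a character"; rc=1 ;;
            esac
        done
    elif [ -n "$qc" ]; then
        [ -n "$(pam_opt "$qc" min)" ] || { echo "FAIL: passwdqc min= unset"; rc=1; }
    else
        echo "FAIL: no pam_cracklib or pam_passwdqc password line"; rc=1
    fi
    return $rc
}

# Constructed sample (not from a real host): the stack after the edits above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth required pam_tally2.so deny=5 onerr=fail
auth sufficient pam_unix.so try_first_pass
password required pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
EOF
audit_pam "$sample" && echo "PASS: sample stack matches the page's settings"
rm -f "$sample"
```

On a real host, call audit_pam /etc/pam.d/system-auth; an unmodified cracklib line and a missing pam_tally2 line each produce their own FAIL message.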