cracklib.conf
# copyright:
# Copyright (C) 1998, 1999 Jean Pierre LeJacq <jplejacq@quoininc.com>
# Modified 2003 by Martin Pitt <martin@piware.de>
#
# Distributed under the GNU GENERAL PUBLIC LICENSE.
#
# description:
# Host configuration of cracklib.
#
# Defines location of database used by cracklib as well as files
# used to create this database. The database location,
# cracklib_dictpath, is compiled into the utility programs that are
# part of the cracklib-runtime package and should not be modified.
# But you should definitely add additional entries to
# cracklib_dictpath_src. The entries are separated by spaces and
# should be the fully qualified path to a file of words that
# passwords should not match. The files may optionally be compressed
# with gzip.
#
# The current configuration supports both the fsstnd 1.2 and fhs 2.0
# standard location for dictionaries.
#
# format:
# posix shell syntax.
#
# reference:
# 1. http://www.pathname.com/fhs/2.0/fhs-toc.html
# 2. http://www.pathname.com/fhs/1.2/fsstnd-toc.html
# database (do not modify):
# The header above states that this location is compiled into the
# cracklib-runtime utilities, so the variable is locked after assignment.
cracklib_dictpath="/var/cache/cracklib/cracklib_dict"
readonly cracklib_dictpath

# database sources:
# Space-separated list of word-list files. It starts empty and gains each
# of the two packaged cracklib word lists that is readable on this host.
# "i" serves as the loop variable here; the directory scan that follows
# reassigns it.
cracklib_dictpath_src=""
for i in /usr/share/dict/cracklib /usr/local/share/dict/cracklib
do
  if [ -r "${i}" ]
  then
    cracklib_dictpath_src="${cracklib_dictpath_src} ${i}"
  fi
done
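# Scan the FSSTND/FHS dictionary directories and append every regular file
# that file(1) reports as text to cracklib_dictpath_src. "file -z" looks
# inside compressed files, so gzip-compressed word lists are included too.
#
# Globals: cracklib_dictpath_src (appended to), i and file (loop variables,
# left set after the scan).
for i in /usr/share/dict /usr/dict /usr/local/share/dict /usr/local/dict
do
  if [ -d "$i" ]
  then
    # Read find's output one line at a time instead of word-splitting it:
    # an unquoted $(find ...) splits names on whitespace, expands glob
    # characters, and hands the fragments to file(1) as paths relative to
    # the current directory. The here-document keeps the loop in the
    # current shell so the assignments below survive.
    while IFS= read -r file
    do
      case "${file}" in
        *[[:space:]]*)
          # cracklib_dictpath_src is space separated, so such a name
          # cannot be represented in it; skip rather than corrupt the list.
          continue
          ;;
        "$i"/*)
          ;;
        *)
          # Empty line (find printed nothing) or the tail of a name that
          # contains a newline: not a path under the scanned directory.
          continue
          ;;
      esac
      # Test the pipeline's exit status directly; no command substitution
      # is needed around it.
      if file -z -b "${file}" | grep -q "text"
      then
        cracklib_dictpath_src="${cracklib_dictpath_src} ${file}"
      fi
    done <<EOF
$(find "$i" -type f -print)
EOF
  fi
done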
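# PAM module arguments (notes only; kept as comments because this file is
# read as POSIX shell and bare text would be run as commands):
# after pam_unix.so:
#   nullok use_authtok sha512 shadow remember=7
#   (nullok lets an account with an empty password authenticate; drop it
#   unless that is intended)
# after pam_tally.so:
#   retry=3 minlen=8 difok=3 reject_username minclass=3 maxrepeat=2 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1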