The cracklib module is amongst the most used of all PAM modules. This module is used with the password option in a PAM configuration script to determine whether secure passwords are being deployed. The module works with a password dictionary in /usr/lib/cracklib_dict and checks to see whether the password being used is safe. The cracklib module performs other checks as well, such as, is the new password similar to the old password, is it too simple, and is it already being used? In these cases, the password will be denied if issued by a normal user. The user root, however, has the right to set simple passwords for users on a system, so cracklib determined that the user will get a warning only when a simple password is used.
Was this article helpful?