I'm trying to configure cracklib on Debain but somewhere its not working as expected.
sudo apt-get install libpam-cracklib
root@debian:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
root@debian:~# cat /etc/pam.d/common-password | grep '^[^#]'
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 ucredit=-1 lcredit=-2 dcredit=-2 ocredit=-2
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so
root@debian:~# dpkg -l | grep pam
ii bogofilter 1.2.4+dfsg1-13 amd64 fast Bayesian spam filter (meta package)
ii bogofilter-bdb 1.2.4+dfsg1-13 amd64 fast Bayesian spam filter (Berkeley DB)
ii bogofilter-common 1.2.4+dfsg1-13 amd64 fast Bayesian spam filter (common files)
ii libpam-cracklib:amd64 1.3.1-5 amd64 PAM module to enable cracklib support
ii libpam-gnome-keyring:amd64 3.28.2-5 amd64 PAM module to unlock the GNOME keyring upon login
ii libpam-modules:amd64 1.3.1-5 amd64 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.3.1-5 amd64 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.3.1-5 all Runtime support for the PAM library
ii libpam-systemd:amd64 241-7~deb10u8 amd64 system and service manager - PAM module
ii libpam0g:amd64 1.3.1-5 amd64 Pluggable Authentication Modules library
In the configuration file common-password, minimum length (minlen=8) but this is not the case, when setting password 6 digits only still able to set password.
root@debian:~# sudo passwd testing
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: password updated successfully
But this is not the case of configuring PAM and enforcing password rules.