以下是pwquality_pam.so(链接到手册页)。
#%PAM-1.0
#
# These lines allow a md5 systems to support passwords of at least 14
# bytes with extra credit of 2 for digits and 2 for others the new
# password must have at least three bytes that are not present in the
# old password
#
password required pam_pwquality.so \
difok=3 minlen=15 dcredit= 2 ocredit=2
password required pam_unix.so use_authtok nullok md5
问题是注释指出密码应至少包含 14 个字节。但是我认为这是错误的,因为有额外的积分。例如,我的 PAM 配置接受fu!!13371337有效密码,但不接受13371337133713,这与所提到的注释相矛盾。我的问题在于该注释,而不是 PAM 接受密码。