pam_localpwcheck is a very simple strength checking module designed for local accounts only. It is intended for use in conjunction with nss_ldap and pam_krb5 or pam_ldap, where most accounts are managed by a central directory and authentication service that can enforce rich password policy.
The following password policies are supported:
Password is a minimum length (default 8 characters)
Password has at least a certain number of character classes (default 3). The four character classes are lowercase letters, uppercase letters, arabic numerals and punctuation.
Password is not present in history (default is not to keep a password history)
The pam_localpwcheck module supports Linux and Solaris (patches may be required for Solaris 8).