Hi Group I'm having problems with the pam_cracklib module in PAM. I'm following the example from the PAM System Administrators' Guide for Cracklib pluggable password strength-checker where they say the user will be required to select a password with a minimum length of 8 and with at least 1 digit number, 1 upper case letter and 1 other character. I modified my /etc/pam.d/passwd file like so: password required pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8 password required pam_unix2.so use_authtok nullok md5 The example mentions the use of pam_pwdb.so which I don't have on my SLES9 server so I'm using the pam_unix2.so which I've seen on the web as the alternative. I then logged in as an ordinary user and proceed to change my password to "ijnbhuy" It allows me to do so without any problems. The password is only 7 characters and does not contain any digits, uppercase letters or other (symbols) characters. This goes against the PAM module yet it was successful in changing my password. In the end I would like to get the restrictions described in the cracklib module working for more secure authentication on my server. Any help getting this fixed will be much appreciated. Stephen Disclaimer "Everything in this e-mail and attachments relating to the official business of Medscheme Holdings ( Pty ) Ltd ( Reg Number 1970/015014/07 ) is proprietary to the company. It is confidential, legally privileged and protected by law. Medscheme Holdings does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of Medscheme Holdings. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is,for whatever reason, corrupted or does not reach its intended destination."