kallol
1
I have set dcredit, ucredit and ocredit to -1 following the CIS recommendation, but the test fails, most likely due to a mismatch in the expected value.
pam-config -a --cracklib --cracklib-retry=3 --cracklib-minlen=14 --cracklib-dcredit=-1 --cracklib-ucredit=-1 --cracklib-ocredit=-1 --cracklib-lcredit=-1
Can you point me to the code that should be changed to fix this issue?

kallol
2
apspal46-221:/etc # cat /etc/pam.d/common-password
#%PAM-1.0
# This file is autogenerated by pam-config. All changes
# will be overwritten.
# Password-related modules common to all services
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.
password requisite pam_cracklib.so retry=3 minlen=14 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
password required pam_pwhistory.so remember=5
password required pam_unix.so use_authtok nullok shadow try_first_pass
apspal46-221:/etc # grep -E "^\s*password\s+(?:required|requisite)\s+pam_cracklib.so\s+(?:\S+\s+)*ucredit=(-?\d+)(?:\s+\S+)*\s*$" /etc/pam.d/common-password
does not match.
I think the file to change is translated-controls.rb.
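
An order-independent check of the pam_cracklib options shown in the post above, as an added example that is not part of the original thread and is not code from translated-controls.rb. The function names `cracklib_options` and `cracklib_findings` are hypothetical, the sample input is constructed from the file contents in the post, and accepting any negative credit value as meeting the -1 setting is an assumption.

```ruby
# Added example: parse the pam_cracklib.so line into key=value options
# instead of matching one positional regex per option.
# SAMPLE is constructed from the common-password lines shown in the post.
SAMPLE = <<~PAM
  #%PAM-1.0
  password requisite pam_cracklib.so retry=3 minlen=14 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
  password required pam_pwhistory.so remember=5
  password required pam_unix.so use_authtok nullok shadow try_first_pass
PAM

# Thresholds taken from the pam-config command in the post.
CREDITS = %w[dcredit ucredit ocredit lcredit].freeze
MINLEN  = 14

# Return the options of the first active required/requisite
# pam_cracklib.so password line as a Hash, or nil if there is none.
def cracklib_options(text)
  text.each_line do |line|
    # Drop comments, then split on any run of whitespace (spaces or tabs).
    type, control, mod, *args = line.sub(/#.*/, '').split
    next unless type == 'password' && mod == 'pam_cracklib.so'
    next unless %w[required requisite].include?(control)
    return args.each_with_object({}) do |arg, opts|
      key, value = arg.split('=', 2)
      opts[key] = value
    end
  end
  nil
end

# Return a list of findings; an empty list means every option passes.
def cracklib_findings(text)
  opts = cracklib_options(text)
  return ['no required/requisite pam_cracklib.so password line'] if opts.nil?

  # Assumption: a credit passes when it is a negative integer (-1 or lower).
  findings = CREDITS.reject { |k| opts[k].to_s.match?(/\A-[1-9]\d*\z/) }
                    .map { |k| "#{k}=#{opts[k].inspect} (want -1 or lower)" }
  if opts['minlen'].to_i < MINLEN
    findings << "minlen=#{opts['minlen'].inspect} (want >= #{MINLEN})"
  end
  findings
end

result = cracklib_findings(SAMPLE)
puts result.empty? ? 'pam_cracklib settings pass' : result
```

Because options are looked up by name, the result does not depend on option order, on tabs versus spaces, or on regex dialect differences between tools.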