Meu sistema está me permitindo autenticar com apenas 8, por quê?
max=N (max=40)
The maximum allowed password length. This can be used to prevent users from setting passwords that may be too long for some system services. The value 8 is treated specially: if max is set to 8, passwords longer than 8 characters will not be rejected, but will be truncated to 8 characters for the strength checks and the user will be warned. This is to be used with the traditional DES-based password hashes, which truncate the password at 8 characters.
It is important that you do set max=8 if you are using the traditional hashes, or some weak passwords will pass the checks.
Fonte pam_passwdqc (8) - Página man do Linux
Eu vejo, isso é configurável?
As informações a seguir são para o SUSE. Outras distros terão arquivos de configuração semelhantes. Você terá que descobrir isso como você está "não usando uma distro padrão".
The pam_pwcheck configuration file is located at
/etc/security/pam_pwcheck.conf.In this article we are going to force the user not to have a simple password such as a dictionary word.
password: use_cracklib minlen=5 maxlen=10 tries=3 remeber=20
use_cracklibThis directive tells PAM to use the cracklib module.minlen=10This directive specifies the minimum number of alphanumeric characters allowed.maxlen=10This directive specifies the maximum number of alphanumeric characters allowed.- 'tries This directive specifies how many attempts the users is allowed before denying them to change their password. remember This directive specifies how many passwords to remember so that the user cannot use them passwords.
Fonte Definindo as políticas de senha