Cracklib

CrackLib was a follow-up version of the libCrack password checking library and is licensed under the LGPL. With -1.4.0 it has been deprecated in favor of. See PAM for current configuration.

CrackLib
Add the  USE flag to  and re-emerge world to update any package that include support for CrackLib:

Verify these two packages are installed:

Now create a database:

Using pdbedit
pdbedit is a tool that can be used only by root. It is used to manage the passdb backend, as well as domain-wide account policy settings. pdbedit can be used to: Commands will be executed to establish controls for our domain as follows:
 * Add, remove, or modify user accounts.
 * List user accounts.
 * Migrate user accounts.
 * Migrate group accounts.
 * Manage account policies.
 * Manage domain access policy settings.
 * 1) Min password length = 8 characters.
 * 2) Password history = last 4 passwords.
 * 3) Maximum password age = 90 days.
 * 4) Minimum password age = 7 days.
 * 5) Bad lockout attempt = 8 bad log on attempts.
 * 6) Lockout duration = forever, account must be manually re-enabled.

The following command execution will achieve these settings:

CrackCheck
Next crackcheck can be used to check complicity of passwords:

Unpack samba-*.tar.gz and cd to. Then compile it:

Copy this to somewhere more sensible:

Edit Samba's configuration file:

Reload samba configuration:

External resources

 * pdbedit
 * crackcheck