Protect Accounts by Configuring PAM

password requisite pam_pwhistory.so ...existing_options... remember= use_authtok

auth required pam_faildelay.so delay=

password requisite pam_cracklib.so try_first_pass retry=3

password required pam_cracklib.so try_first_pass retry=3 maxrepeat=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=4

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=

difok = 4
minlen = 14
dcredit = -1
ucredit = -1
lcredit = -1
ocredit = -1
maxrepeat = 3

auth   required    pam_unix.so sha512 other arguments...

crypt_style = sha512

ENCRYPT_METHOD 

password    required    pam_unix.so sha512 other arguments...

SHA_CRYPT_MIN_ROUNDS 5000
SHA_CRYPT_MAX_ROUNDS 5000