

Compliance Requirements: User Password Policy on CentOS 7
source link: https://bajie.dev/posts/20221218-centos7_passwd/

2022-12-18
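Every compliance regime has requirements for user account policy; PCI, IPO audits and the like all require a minimum password complexity:
User password policy on CentOS 7:
Edit the file with vi /etc/pam.d/system-auth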

It contains this line:
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
Append the following to the end of it:
minlen=12 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 enforce_for_root
so that it becomes:
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= minlen=12 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 enforce_for_root
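The minimum password length is 12, and the password must contain at least one lowercase character, one uppercase character, one digit and one special character; root is forced to obey the rule as well.
All of the parameters are explained below: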
retry=3: This option will prompt the user 3 times before exiting and returning an error.
minlen=12: This specifies that the password cannot be shorter than 12 characters.
maxrepeat=3: This rejects passwords that contain more than 3 identical consecutive characters.
ucredit=-1: The option requires at least one uppercase character in the password.
lcredit=-1: The option requires at least one lowercase character in the password.
dcredit=-1: The option requires at least one numeric character in the password.
ocredit=-1: The option requires at least one special character included in the password.
difok=3: This requires at least 3 characters in the new password that are not present in the old password.
reject_username: The option rejects a password if it contains the username, either as written or reversed.
enforce_for_root: This ensures that the password policies are adhered to even if it's the root user configuring the passwords.
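
One way to check that a PAM file actually carries the policy above, as an added example that is not part of the original post. The function names are hypothetical, and the two demo lines are the stock and modified lines shown on this page:

```shell
# Added example: audit pam_pwquality.so lines for minlen>=12, negative credits, enforce_for_root.

# Print the last value given for option $2 on PAM line $1.
opt_value() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Print the options that are missing or too weak; succeed only if there are none.
audit_pwquality_line() {
    local line missing="" opt val
    line=$(printf '%s' "$1" | tr -s '\t' ' ')
    # A negative credit requires at least that many characters of the class.
    for opt in lcredit ucredit dcredit ocredit; do
        val=$(opt_value "$line" "$opt")
        case $val in
            -[1-9]|-[1-9][0-9]) ;;
            *) missing="$missing $opt" ;;
        esac
    done
    val=$(opt_value "$line" minlen)
    case $val in
        ''|*[!0-9]*) missing="$missing minlen" ;;
        *) [ "$val" -ge 12 ] || missing="$missing minlen" ;;
    esac
    case " $line " in
        *" enforce_for_root "*) ;;
        *) missing="$missing enforce_for_root" ;;
    esac
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# Fail if the file has no active (uncommented) pam_pwquality.so line or any weak one.
audit_pam_file() {
    local lines l rc=0
    lines=$(grep -E '^[[:space:]]*password[[:space:]].*pam_pwquality\.so' "$1") || return 1
    while IFS= read -r l; do
        audit_pwquality_line "$l" >/dev/null || rc=1
    done <<EOF
$lines
EOF
    return "$rc"
}

# Constructed demo input: the stock line and the hardened line from this page.
BEFORE='password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type='
AFTER="$BEFORE minlen=12 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 enforce_for_root"
echo "before: missing -> $(audit_pwquality_line "$BEFORE" || true)"
echo "after:  missing -> $(audit_pwquality_line "$AFTER" || true)"
```

On a host, `audit_pam_file /etc/pam.d/system-auth` returns non-zero when the line is absent, commented out, or missing any of the options above, which makes it usable as a periodic compliance check.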