When configuring PAM with the following line:
password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 max=40 similar=deny retry=3 random=0 ask_oldauthtok enforce=everyone
and a change to a password is requested, the the following message is displayed:
You can now choose the new password.
A valid password should be a mix of upper and lower case letters,
digits and other characters. You can use a 2147483647 character long
password with characters from at least 3 of these 4 classes, or
an 8 character long password containing characters from all the
classes. Characters that form a common pattern are discarded by
Enter new password:
In my opinion, having a 2147483647 character long password is a bit ridiculous. When pam_passwdqc.so encounters the word "disabled" it looks like it converted to MAX_INT. Is there a better "default" character length that could be displayed?