Linux – Disable password complexity check (PAM)

I found out my system (as most modern Linux) use PAM (Pluggable Authentication Modules) and pam_cracklib module within it. pam_cracklib enforces minimum length of 6 symbols regardless of parameters, so solution is to turn it off.

One link I've read discussed editing password-ac and system-ac files in /etc/pam.d, the contents of both files were same and no explanation was given of their respective roles.

Upon study of PAM docs (The Linux-PAM System Administrators' Guide | linux-pam.org), I learned PAM configs for LINUX services are in that /etc/pam.d directory in separate files. I saw passwd file and it in found only system-ac file mentioned (added by substack keyword), so on my system I needed to edit only system-ac.

Making pam_cracklib optional made no difference (I guess that's because pam_cracklib did not pass entered and rejected pasword to next module in stack - pam_unix) and commenting line with pam_cracklib lead to errors during passwd run. I noted that next line with ordinary pam_unix had option use_authtok (docs: enforce the module to set the new password to the one provided by a previously stacked module). After I deleted that option and commented line with pam_cracklib I now able to set short passwords with passwd.