rhel_system_auth.j2 is still using pam_passwdqc.so for CentOS 7

[ghost]

Sep 25 13:04:18 VH07 sudoedit[19076]: PAM unable to dlopen(/usr/lib64/security/pam_passwdqc.so): /usr/lib64/security/pam_passwdqc.so: cannot open shared object file: No such file or directory
Sep 25 13:04:18 VH07 sudoedit[19076]: PAM adding faulty module: /usr/lib64/security/pam_passwdqc.so

The /templates/rhel_system_auth.j2 is still referring to pam_passwdqc , which is no longer available in CentOS >7. This breaks some things like passwd.

Currently I'm setting set os_auth_pam_passwdqc_enable to false.
A more permanent solution could be using password required pam_pwquality.so retry=3 and creating /etc/security/pwquality.conf as suggested in the
RHEL 7 Security Guide

This issue will probably apply on other *-os-hardening, although I can't verify this.

[rndmh3ro]

Hi @shirokatze, thanks for reporting this!
We actually install pam_pwquality on RHEL7 but do not set the correct configuration.
I'll fix this!