as far as i understand, the essence of the problem is the lack of dependence on the cracklib-runtime package.
if you install libpam-pwquality in the standard way, the error does not occur: $ unset opt $ export image=debian:trixie $ docker run -it --rm $image /bin/sh -c "useradd -m test && echo 'test:first0strong1pass2' | chpasswd && apt-get -yq update && apt-get -yq install $opt libpam-pwquality expect && su - test -c \"echo \\\"set timeout -1; spawn passwd; expect \\\\\\\"Current password:\\\\\\\"; send \\\\\\\"first0strong1pass2\r\\\\\\\"; expect \\\\\\\"New password:\\\\\\\"; send \\\\\\\"very1strong2pass3\r\\\\\\\"; expect \\\\\\\"Retype new password:\\\\\\\"; send \\\\\\\"very1strong2pass3\r\\\\\\\"; expect eof\\\" | expect -\"" ... The following NEW packages will be installed: cracklib-runtime expect file libcrack2 libmagic-mgc libmagic1t64 libpam-pwquality libpwquality-common libpwquality1 libtcl8.6 tcl-expect tcl8.6 wamerican ... spawn passwd Changing password for test. Current password: New password: Retype new password: passwd: password updated successfully but if you install without the recommended packages, it is impossible to change the password (please note that the cracklib package is not installed): $ export opt=--no-install-recommends $ export image=debian:trixie $ docker run -it --rm $image /bin/sh -c "useradd -m test && echo 'test:first0strong1pass2' | chpasswd && apt-get -yq update && apt-get -yq install $opt libpam-pwquality expect && su - test -c \"echo \\\"set timeout -1; spawn passwd; expect \\\\\\\"Current password:\\\\\\\"; send \\\\\\\"first0strong1pass2\r\\\\\\\"; expect \\\\\\\"New password:\\\\\\\"; send \\\\\\\"very1strong2pass3\r\\\\\\\"; expect \\\\\\\"Retype new password:\\\\\\\"; send \\\\\\\"very1strong2pass3\r\\\\\\\"; expect eof\\\" | expect -\"" ... Recommended packages: cracklib-runtime The following NEW packages will be installed: expect libcrack2 libpam-pwquality libpwquality-common libpwquality1 libtcl8.6 tcl-expect tcl8.6 ... spawn passwd Changing password for test. Current password: New password: /var/cache/cracklib/cracklib_dict.pwd: No such file or directory BAD PASSWORD: The password fails the dictionary check - error loading dictionary New password:
