Use pam_passwdqc in Slackware if it exists

tasks/pam.yml

@@ -191,7 +191,7 @@
         insertbefore: '^# here are the per-package modules \(the "Primary" block\)$'
         backup: true
 
-- name: Create custom /etc/pam.d/system-auth for Slackware
+- name: Slackware system-auth
   become: true
   when: ansible_distribution == "Slackware"
   tags:
@@ -200,13 +200,20 @@
     - configuration
     - authorization
     - passwords
-  ansible.builtin.template:
-    src: system-auth.j2
-    dest: /etc/pam.d/system-auth
-    owner: root
-    group: root
-    mode: '0644'
-    backup: true
+  block:
+    - name: Stat /lib64/security/pam_passwdqc.so
+      ansible.builtin.stat:
+        path: /lib64/security/pam_passwdqc.so
+      register: passwdqc_stat
+      tags: check
+    - name: Create custom /etc/pam.d/system-auth for Slackware
+      ansible.builtin.template:
+        src: system-auth.j2
+        dest: /etc/pam.d/system-auth
+        owner: root
+        group: root
+        mode: '0644'
+        backup: true
 
 # postlogin doesn't include any auth lines
 - name: Remove auth include postlogin (Slackware)

templates/system-auth.j2

@@ -50,8 +50,11 @@ account     required      pam_permit.so
 # Default password quality checking with pam_pwquality. If you don't want
 # password quality checking, comment out these two lines and uncomment the
 # traditional password handling line below.
+{% if passwdqc_stat.stat.exists %}
+password    requisite     pam_passwdqc.so
+{% else %}
 password    requisite     pam_pwquality.so minlen=14 retry=3
-#password    requisite     pam_passwdqc.so
+{% endif %}
 password    sufficient    pam_unix.so sha512 shadow minlen=14 try_first_pass use_authtok rounds={{ crypt_rounds }}
 
 # Traditional password handling without pam_pwquality password checking.