I can't get apache to authenticate properly with mod_auth_pam.

relevant httpd.conf lines:

Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthType Basic
AuthName "test"
Require valid-user


#password requisite pam_passwdqc.so enforce=users
auth required pam_unix.so try_first_pass nullok

If I change the last line from 'required' to 'sufficient', I can login
with any password. I don't know what the correct line in the above
file should be.