It *definitely* doesn't connect to the net to check passwords. John's on a roll.
It uses cracklib, i assume.
Name : cracklib Relocations: (not relocatable)
Version : 2.8.12 Vendor: Fedora Project
Release : 2 Build Date: Wed 20 Feb 2008 04:23:42 AM MST
Install Date: Mon 05 May 2008 10:51:47 PM MDT Build Host: xenbuilder4.fedora.phx.redhat.com
Group : System Environment/Libraries Source RPM: cracklib-2.8.12-2.src.rpm
Size : 110453 License: GPLv2
Signature : DSA/SHA1, Thu 10 Apr 2008 07:49:44 AM MDT, Key ID b44269d04f2a6fd2
Packager : Fedora Project
URL : http://sourceforge.net/projects/cracklib/
Summary : A password-checking library
CrackLib tests passwords to determine whether they match certain
security-oriented characteristics, with the purpose of stopping users
from choosing passwords that are easy to guess. CrackLib performs
several tests on passwords: it tries to generate words from a username
and gecos entry and checks those words against the password; it checks
for simplistic patterns in passwords; and it checks for the password
in a dictionary.
CrackLib is actually a library containing a particular C function
which is used to check the password, as well as other C
functions. CrackLib is not a replacement for a passwd program; it must
be used in conjunction with an existing passwd program.
Install the cracklib package if you need a program to check users'
passwords to see if they are at least minimally secure. If you install
CrackLib, you will also want to install the cracklib-dicts package.