Comment 7 for bug 356766

Jessica McKellar (jesstess) wrote :

I can also confirm this on 10.10, with pam-1.1.1:

$ passwd
Changing password for jesstess.
(current) UNIX password: <12345678aa>
Enter new UNIX password: <12345678bb>
Retype new UNIX password: <12345678bb>
Bad: new password must be different than the old one

You'll get this error if the first 8 characters of the old and new passwords are the same. As mentioned in bug #549915, the diff in debian/patches-applied/007_modules_pam_unix adds a pam_unix/obscure.c, including:

+ if ((msg = password_check(old, new, pwdp)) != NULL)
+ return msg;
+
+ /* The traditional crypt() truncates passwords to 8 chars. It is
+ possible to circumvent the above checks by choosing an easy
+ 8-char password and adding some random characters to it...
+ Example: "password$%^&*123". So check it again, this time
+ truncated to the maximum length. Idea from npasswd. --marekm */
+
+ if (on(UNIX_HASH_MASK,ctrl))
+ return NULL; /* unlimited password length */
+
+ if (oldlen <= 8 && newlen <= 8)
+ return NULL;
+
+ new1 = strndup(new,8);
+ old1 = strndup(old,8);
+
+ msg = password_check(old1, new1, pwdp);
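Review bot: the two strndup() results in this hunk (`new1 = strndup(new,8);` and `old1 = strndup(old,8);`) are passed straight to password_check() without a NULL check, and nothing in the visible lines frees them afterward, so an allocation failure dereferences NULL and the success path leaks both buffers; check both for NULL and free them once `msg` is computed. The truncation length 8 is also hardcoded twice rather than named, and the message returned from the second password_check() is the same one used for the untruncated comparison, so the user has no way to tell that only the first 8 characters were compared; a distinct message (or a named constant for the limit that the message can cite) would make the rejection explainable.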

So it re-runs password_check on the first 8 characters of your old and new passwords, including a check on if they're the same.

I don't know if people would prefer that UNIX_OBSCURE_CHECKS weren't set by default in Ubuntu, or if the message returned after the second password_check indicated that it only applied to the first 8 characters, or some other option.
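To make the behaviour discussed in this comment reproducible outside PAM, the following is an added, stand-alone C model of the quoted obscure.c logic. It is illustration code, not pam_unix's own source: simple_check() stands in for the real password_check() and implements only the "new must differ from old" rule, the unlimited_hash parameter stands in for the UNIX_HASH_MASK control bit, and the second, truncation-specific message wording is a hypothetical choice showing one of the options raised above, not a string PAM emits.

```c
#include <stdio.h>
#include <string.h>

/* Traditional DES crypt() only uses the first 8 characters of a password
 * (assumption: this is the limit the quoted patch hardcodes as 8). */
#define CRYPT_TRUNCATE 8

/* Messages: the first mirrors the wording seen in the transcript; the
 * second is hypothetical wording that names the truncation explicitly. */
const char *MSG_SAME =
    "Bad: new password must be different than the old one";
const char *MSG_SAME_TRUNCATED =
    "Bad: first 8 characters of the new password must differ from the old one "
    "(traditional crypt() only uses 8 characters)";

/* Stand-in for password_check(): returns a message on failure, NULL if OK.
 * Only the "same as old" rule is modelled here. */
static const char *simple_check(const char *old, const char *new,
                                const char *failmsg)
{
    if (strcmp(old, new) == 0)
        return failmsg;
    return NULL;
}

/* Mirrors the control flow of the quoted hunk: full-length check first,
 * then, unless the hash is unlimited (MD5/SHA-based crypt), repeat the
 * check on the first CRYPT_TRUNCATE characters of both passwords. */
const char *obscure_check(const char *old, const char *new, int unlimited_hash)
{
    const char *msg = simple_check(old, new, MSG_SAME);
    if (msg != NULL)
        return msg;

    if (unlimited_hash)
        return NULL;                 /* no truncation, nothing more to test */

    size_t oldlen = strlen(old), newlen = strlen(new);
    if (oldlen <= CRYPT_TRUNCATE && newlen <= CRYPT_TRUNCATE)
        return NULL;                 /* both already short: first check covered it */

    /* Fixed-size buffers instead of strndup(): no allocation to leak or NULL-check. */
    char old1[CRYPT_TRUNCATE + 1], new1[CRYPT_TRUNCATE + 1];
    memcpy(old1, old, oldlen < CRYPT_TRUNCATE ? oldlen : CRYPT_TRUNCATE);
    old1[oldlen < CRYPT_TRUNCATE ? oldlen : CRYPT_TRUNCATE] = '\0';
    memcpy(new1, new, newlen < CRYPT_TRUNCATE ? newlen : CRYPT_TRUNCATE);
    new1[newlen < CRYPT_TRUNCATE ? newlen : CRYPT_TRUNCATE] = '\0';

    return simple_check(old1, new1, MSG_SAME_TRUNCATED);
}

int main(void)
{
    /* Constructed inputs: the pair from the transcript, with DES-style
     * truncation on and off. */
    const char *r;
    r = obscure_check("12345678aa", "12345678bb", 0);
    printf("DES-style : %s\n", r ? r : "accepted");
    r = obscure_check("12345678aa", "12345678bb", 1);
    printf("unlimited : %s\n", r ? r : "accepted");
    return 0;
}
```

With unlimited_hash set to 0 the transcript's pair is rejected with the truncation-specific message; with it set to 1 (the equivalent of UNIX_HASH_MASK being on) the same pair is accepted, which is the distinction the original message hides from the user.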