Password rules are ignored by pam_cracklib.so


O/S = Red Hat Enterprise Linux Server release 6.7 (Santiago)

Hi, I am attempting to toughen up the password rules on an existing RHEL6 server, but my modified /etc/pam.d/system-auth is not working. All I want to do is have the following:

min length = 8 chars
min lower case = 1
min upper case = 1
min digits = 1

I therefore changed this line:
password requisite pam_cracklib.so try_first_pass retry=3 type=

...to read:
password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=0 difok=3

To test, I created a new account, assigned a simple password, then expired it using "chage -d0 " and logged in with the simple password. It forced me to change it, but it let me enter a password that didn't follow the rules, such as all upper case when it needs at least 1 lower case.

Any ideas?
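
What the modified line should enforce, as an added example that is not part of the original post or of pam_cracklib's own code: a Python model of the module's length and credit test, in which a negative credit is a required minimum count for that character class. The function names and sample passwords are constructed here; difok, the dictionary check and the defaults for unset options are not modelled.

```python
import shlex

# The modified /etc/pam.d/system-auth entry quoted in the post.
PAM_LINE = ("password required pam_cracklib.so retry=3 minlen=8 "
            "dcredit=-1 ucredit=-1 lcredit=-1 ocredit=0 difok=3")
CLASSES = ("dcredit", "ucredit", "lcredit", "ocredit")


def parse_cracklib_args(line):
    """Return the integer key=value arguments of a pam_cracklib.so line."""
    fields = shlex.split(line)
    if len(fields) < 3 or not fields[2].endswith("pam_cracklib.so"):
        raise ValueError("not a pam_cracklib.so line")
    opts = {}
    for arg in fields[3:]:
        key, sep, value = arg.partition("=")
        if sep and value.lstrip("-").isdigit():  # skips flags and empty type=
            opts[key] = int(value)
    return opts


def check_credits(password, opts):
    """Model of the length/credit test; returns the list of failed rules."""
    counts = {
        "dcredit": sum(c.isdigit() for c in password),
        "ucredit": sum(c.isupper() for c in password),
        "lcredit": sum(c.islower() for c in password),
    }
    counts["ocredit"] = len(password) - sum(counts.values())
    required = opts["minlen"]  # assumption: minlen is set explicitly
    failures = []
    for name in CLASSES:
        credit = opts.get(name, 0)  # simplification: unset credit treated as 0
        if credit < 0:
            # Negative credit: at least |credit| characters of this class.
            if counts[name] < -credit:
                failures.append(f"{name}: need at least {-credit}")
        else:
            # Positive credit: each such character, up to the credit,
            # lowers the length needed to satisfy minlen.
            required -= min(counts[name], credit)
    if len(password) < required:
        failures.append(f"minlen: need {required} effective characters")
    return failures


if __name__ == "__main__":
    opts = parse_cracklib_args(PAM_LINE)
    for candidate in ("ABCDEFGHIJ", "abcdefg1", "Abcde1", "Abcdefg1"):  # constructed
        print(candidate, check_credits(candidate, opts) or "passes credit rules")
```

Under these rules the all-upper-case candidate fails on both the digit and the lower-case requirement, which matches what the poster expected the line to do.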

Responses