It will run from cron.daily and generate a report which will be sent to email address which you specified in the configuration file. All other lines in configuration file are newline separated users which will be excluded from the check.

It was written mainly for RedHat-based Linux distros, that's why it's configuration file is located at /etc/sysconfig/pwchecker. But you can use it on any other Linux distro (such as Debian or Ubuntu) just by editing the script and choosing another location for the configuration file.

In general scenario:
- on the hardware node (a box which hosts virtual machines) you will exclude `root' in your configuration file, because all other users will use their ssh-keys to access this box, and root password (random generated at least 16 characters long) was kept as an back door to your box.
- on the virtual machine/container you won't exclude anyone, because there is no need in root's password there (in the case of OpenVZ you can easily get access to the container) and all other users will use their ssh-keys to access this container.