# # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # The "md5" option enables MD5 passwords. Without this option, the # default is Unix crypt. # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # You can also use the "min" option to enforce the length of the new # password. # # See the pam_unix manpage for other options. # password requisite pam_unix.so nullok obscure md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # #password required pam_cracklib.so retry=3 minlen=6 difok=3 # pre_auth-client-config # password sufficient pam_ldap.so use_authtok # pre_auth-client-config # password required pam_unix.so use_authtok nullok md5 use_first_pass # minimally-intrusive inclusion of smbpass in the stack for # synchronization. If the module is absent or the passwords don't # match, this module will be ignored without prompting; and if the # passwords do match, the NTLM hash for the user will be updated # automatically. # password optional pam_smbpass.so nullok use_authtok use_first_pass missingok password sufficient pam_ldap.so password required pam_unix.so nullok obscure min=4 max=8 md5