## /etc/pam.d/common-password - password-related modules common to all service

1. #
2. # /etc/pam.d/common-password - password-related modules common to all services
3. #
4. # This file is included from other service-specific PAM config files,
5. # and should contain a list of modules that define the services to be
6. # used to change user passwords. The default is pam_unix.
7.  
8. # Explanation of pam_unix options:
9. #
10. # The "nullok" option allows users to change an empty password, else
11. # empty passwords are treated as locked accounts.
12. #
13. # The "md5" option enables MD5 passwords. Without this option, the
14. # default is Unix crypt.
15. #
16. # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
17. # login.defs.
18. #
19. # You can also use the "min" option to enforce the length of the new
20. # password.
21. #
22. # See the pam_unix manpage for other options.
23.  
24.  
25.  
26.  
27. # Alternate strength checking for password. Note that this
28. # requires the libpam-cracklib package to be installed.
29. # You will need to comment out the password line above and
30. # uncomment the next two in order to use this.
31. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
32. #
33. password required pam_cracklib.so retry=3 minlen=6 difok=3
34. password required pam_unix.so md5 remember=4
35.  
36.  
37.  
38. # minimally-intrusive inclusion of smbpass in the stack for
39. # synchronization. If the module is absent or the passwords don't
40. # match, this module will be ignored without prompting; and if the
41. # passwords do match, the NTLM hash for the user will be updated
42. # automatically.
43. password optional pam_smbpass.so nullok use_authtok use_first_pass missingok
44.