## /etc/pam.d/common-password - password-related modules common to all service

1. #
2. # /etc/pam.d/common-password - password-related modules common to all services
3. #
4. # This file is included from other service-specific PAM config files,
5. # and should contain a list of modules that define the services to be
6. #used to change user passwords. The default is pam_unix
7.  
8. # The "nullok" option allows users to change an empty password, else
9. # empty passwords are treated as locked accounts.
10. #
11. # (Add `md5' after the module name to enable MD5 passwords)
12. #
13. # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
14. # login.defs. Also the "min" and "max" options enforce the length of the
15. # new password.
16.  
17. password sufficient pam_ldap.so
18. password required pam_unix.so nullok obscure min=4 max=8 md5
19.  
20. # Alternate strength checking for password. Note that this
21. # requires the libpam-cracklib package to be installed.
22. # You will need to comment out the password line above and
23. # uncomment the next two in order to use this.
24. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
25. #
26. # password required pam_cracklib.so retry=3 minlen=6 difok=3
27. # password required pam_unix.so use_authtok nullok md5