# /etc/pam.d/common-password - how most services change the password.
# (Note, many services can't handle the dialog for changing the password.)
# jimc hacks for Kerberos (krb5) authentication
#
# PAM parameters for password modules:
#   nullok          Allow to change an empty password; otherwise it is
#                   interpreted as a locked account.
#   use_authtok     Use the new password saved by a previous module.
#                   Otherwise a separate new password is asked for.
#   use_first_pass  The default is to use the old password saved by a
#                   previous module, or if none, to ask for it. With
#                   use_first_pass it fails if there is no old password.
#                   Usually you don't want this.
#
# To enable Blowfish or MD5 passwords, you should edit
# /etc/default/passwd.
#
# Alternate strength checking for passwords should be configured
# in /etc/security/pam_pwcheck.conf.
password requisite pam_pwcheck.so nullok debug

# SuSE 11.4 has pam_gnome_keyring for everyone. I can't get it to work right.

# If any mechanism fails, we want to do all the others anyway, because only
# system users are in /etc/shadow, and they are usually not in LDAP or Kerberos.
password optional pam_unix2.so nullok use_authtok use_first_pass debug
password optional pam_ldap.so use_authtok use_first_pass ignore_unknown_user ignore_authinfo_unavail
password optional pam_krb5.so use_authtok use_first_pass ignore_unknown_principals