ACC SHELL

This is the README for pam_pwcheck
----------------------------------

pam_pwcheck comes as one module: pam_pwcheck.so
It makes additional checks upon password changes, but it doesn't
make the change itself. It only provides functions for "passwd",
not for authentication, accounting or session management.

This PAM module reads /etc/login.defs. Please read the manual
page for this configuration file for more information.

Options for:
passwd: for password checking it provides the pam_sm_chauthtok() hook.

        "debug", "not_set_pass", "use_first_pass", "use_authtok", "md5",
	"bigcrypt", "blowfish", "remember" and "use_cracklib" arguments
	are accepted.

		"nullok" -> 	A null password is Ok. This does not overwrite
				a hardcoded default by the calling process.

                "not_set_pass" -> Don't make password available for other
                                modules.

                "use_first_pass" -> Use only the old password from a previous
                                stacked module.

                "use_authtok" -> Set the new password to the one provided by
                                the previously stacked password module.

		"md5", "bigcrypt" -> Don't use the standard crypt
				function, instead use md5 hashes or the
				bigcrypt function.

		"blowfish", "bf" -> Use blowfish crypt.

		"remember=XX" -> remember the last XX number of passwords	
				 and don't allow the user to use it again
				 for the next XX password changes. XX is
				 a number between 1 and 400.

		"use_cracklib" -> Use cracklib library for password check

pam_pwcheck also uses some variables from /etc/login.defs: PASS_ALWAYS_WARN,
PASS_MIN_LEN, PASS_MAX_LEN, OBSCURE_CHECKS_ENAB, CRACKLIB_DICTPATH and
PASS_CHANGE_TRIES. Please read the login.defs manual page from the shadow
package for more information.

 Thorsten Kukuk <kukuk@suse.de>, 5. January 2002