10b0ecb56SDag-Erling SmørgravPlease see the README for instructions common to all platforms and 20b0ecb56SDag-Erling Smørgravdescriptions of the options mentioned here. 30b0ecb56SDag-Erling Smørgrav 40b0ecb56SDag-Erling Smørgrav 50b0ecb56SDag-Erling Smørgrav Linux. 60b0ecb56SDag-Erling Smørgrav 70b0ecb56SDag-Erling SmørgravMost modern Linux distributions use Linux-PAM with a password changing 80b0ecb56SDag-Erling Smørgravmodule which understands "use_authtok". Thus, you may choose which 90b0ecb56SDag-Erling Smørgravmodule prompts for the old password, things should work either way. 100b0ecb56SDag-Erling Smørgrav 110b0ecb56SDag-Erling Smørgrav 120b0ecb56SDag-Erling Smørgrav FreeBSD. 130b0ecb56SDag-Erling Smørgrav 14402783abSDag-Erling SmørgravAs of this writing (April 2002), FreeBSD-current is moving to OpenPAM 15402783abSDag-Erling Smørgravwhich pam_passwdqc already includes support for. The next step would 16402783abSDag-Erling Smørgravbe for FreeBSD to start actually using PAM from password changing. 17402783abSDag-Erling SmørgravOnce that becomes a reality, you should be able to use pam_passwdqc 18402783abSDag-Erling Smørgravwith FreeBSD. 190b0ecb56SDag-Erling Smørgrav 200b0ecb56SDag-Erling Smørgrav 210b0ecb56SDag-Erling Smørgrav Solaris. 220b0ecb56SDag-Erling Smørgrav 230b0ecb56SDag-Erling Smørgravpam_passwdqc has to ask for the old password during the update phase. 240b0ecb56SDag-Erling SmørgravUse "ask_oldauthtok=update check_oldauthtok" with pam_passwdqc and 250b0ecb56SDag-Erling Smørgrav"use_first_pass" with pam_unix. 260b0ecb56SDag-Erling Smørgrav 270b0ecb56SDag-Erling SmørgravYou will likely also need to set "max=8" in order to actually enforce 280b0ecb56SDag-Erling Smørgravnot-so-weak passwords with the obsolete "traditional" crypt(3) hashes 290b0ecb56SDag-Erling Smørgravthat most Solaris systems use. Of course this way you only get about 300b0ecb56SDag-Erling Smørgravone third of the functionality of pam_passwdqc. 31