#
#  secModeEnable/secModeDisable command configuration : /etc/pam.d/chsecmode
#
#  Authentication is needed before allowing either commands to proceed.
#
#  set_crypt_env: would (MD5) hash the password and set the hashed value
#  to a PAM environment variable NEWCRYPT to be available to application.
#
#  Only pam_fabos.so is needed. Can stack the pam_cracklib module after
#  pam_fabos.so. However, pam_cracklib only enforces its rule if UID > 0.
#

auth		required	pam_fabos.so
auth		required	pam_unix.so debug use_first_pass
password	required	pam_fabos.so set_crypt_env cmp_hash max_try=3 \
				never_ask_old
