1 files changed, 16 insertions, 16 deletions

diff --git a/debian/local/common-password b/debian/local/common-password
index 45959eb5..dab20333 100644
--- a/debian/local/common-password
+++ b/debian/local/common-password
@@ -7,28 +7,28 @@
 
 # Explanation of pam_unix options:
 #
-# The "nullok" option allows users to change an empty password, else
-# empty passwords are treated as locked accounts.
-#
 # The "md5" option enables MD5 passwords.  Without this option, the
 # default is Unix crypt.
 #
 # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
 # login.defs.
 #
-# You can also use the "min" option to enforce the length of the new
-# password.
-#
 # See the pam_unix manpage for other options.
 
-password   required   pam_unix.so nullok obscure md5
-
-# Alternate strength checking for password. Note that this
-# requires the libpam-cracklib package to be installed.
-# You will need to comment out the password line above and
-# uncomment the next two in order to use this.
-# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
-#
-# password required	  pam_cracklib.so retry=3 minlen=6 difok=3
-# password required	  pam_unix.so use_authtok nullok md5
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
 
+# here are the per-package modules (the "Primary" block)
+$password_primary
+# here's the fallback if no module succeeds
+password	requisite			pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password	required			pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+$password_additional
+# end of pam-auth-update config