2 files changed, 14 insertions, 6 deletions

diff --git a/local/common-password b/local/common-password
index 9025f6b0..45959eb5 100644
--- a/local/common-password
+++ b/local/common-password
@@ -2,19 +2,26 @@
 # /etc/pam.d/common-password - password-related modules common to all services
 #
 # This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define  the services to be
-#used to change user passwords.  The default is pam_unix
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
 
+# Explanation of pam_unix options:
+#
 # The "nullok" option allows users to change an empty password, else
 # empty passwords are treated as locked accounts.
 #
-# (Add `md5' after the module name to enable MD5 passwords)
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
 #
 # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
-# login.defs. Also the "min" and "max" options enforce the length of the
-# new password.
+# login.defs.
+#
+# You can also use the "min" option to enforce the length of the new
+# password.
+#
+# See the pam_unix manpage for other options.
 
-password   required   pam_unix.so nullok obscure min=4 max=8 md5
+password   required   pam_unix.so nullok obscure md5
 
 # Alternate strength checking for password. Note that this
 # requires the libpam-cracklib package to be installed.
diff --git a/local/common-password.md5sums b/local/common-password.md5sums
index b5bde1d4..569ca682 100644
--- a/local/common-password.md5sums
+++ b/local/common-password.md5sums
@@ -1 +1,2 @@
 601ecfbc99fd359877552cb5298087ad  /etc/pam.d/common-password
+e5ae8ba8d00083c922d9d82a0432ef78  /etc/pam.d/common-password