Please see the README for instructions common to all platforms and
descriptions of the options mentioned here.


	Linux.

Most modern Linux distributions use Linux-PAM with a password changing
module which understands "use_authtok".  Thus, you may choose which
module prompts for the old password, things should work either way.


	FreeBSD.

As of this writing (July 2002), FreeBSD-current has moved to OpenPAM
which pam_passwdqc already includes support for and it also includes
pam_passwdqc in the base system.  You should be able to use either the
included or the distributed separately version of pam_passwdqc with
FreeBSD-current.  Older versions of FreeBSD used a subset of Linux-PAM
and didn't use PAM for password changing.


	Solaris, HP-UX 11.

On Solaris 2.6, 7, and 8 (without patch 108993-18/108994-18 or later)
and on HP-UX 11, pam_passwdqc has to ask for the old password during
the update phase.  Use "ask_oldauthtok=update check_oldauthtok" with
pam_passwdqc and "use_first_pass" with pam_unix.

On Solaris 8 (with patch 108993-18/108994-18 or later) and Solaris 9,
use pam_passwdqc instead of both pam_authtok_get and pam_authtok_check,
and set "retry=1" with pam_passwdqc as the passwd command has its own
handling for that.

You will likely also need to set "max=8" in order to actually enforce
not-so-weak passwords with the obsolete traditional DES-based hashes
that most Solaris systems use and the flawed approach HP-UX uses to
process characters past 8.  Of course this way you only get about one
third of the functionality of pam_passwdqc.

$Id: PLATFORMS,v 1.8 2003/06/21 03:25:24 solar Exp $
