I've been working on a package for pam_passwdqc, a password strength checking module, an I'm encountering a problem with module stacking. I'm wondering if this has been encountered with other PAM modules and has a suffestion. If I configure PAM like this: password requisite /usr/pkg/lib/security/pam_passwdqc.so ask_oldauthtok password required pam_unix.so no_warn use_first_pass debug $ passwd Changing password for john. Enter current password: You can now choose the new password or passphrase. A valid password should be a mix of upper and lower case letters, digits, and other characters. You can use a 9 character long password with characters from at least 3 of these 4 classes, or an 8 character long password containing characters from all the classes. An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used. A passphrase should be of at least 3 words, 12 to 40 characters long and contain enough different characters. Alternatively, if noone else can see your terminal now, you can pick this as your password: "piston worthy rune sheer hair". Enter new password: Re-type new password: Unable to change auth token: authentication error and the following is logged: passwd: in _openpam_check_error_code(): pam_sm_chauthtok(): unexpected return value 9 If I change from use_first_pass try_first_pass it works, but, password must be entered for each PAM module. -- John R. Shannon STAR Technologies, LLC A DSCI Company jshannon%dsci.com@localhost john.r.shannon%us.army.mil@localhost shannonjr%NetBSD.org@localhost