Hi! Currently unix_chkpwd is non-suid, hence PAM is usable for suid progs only. I propose to make it suid (as it is done in many distros). PAM calls it from $pam, so we'll need to create a symlink $pam/sbin/unix_chkpwd -> /var/setuid-wrappers/unix_chkpwd. This change will trigger a rather large rebuild. If nobody objects, I'll commit it tomorrow.