Our fanout driver seems to insist on creating DES passwords on the target
machine and not md5. The target machines are all modern and accept md5.

The following /etc/pam.d/passwd causes password changes on the local test
box to be created but the fanout doesn't seem to use this:

#%PAM-1.0
auth sufficient pam_ascauth.so stats
auth required pam_unix.so nullok
account sufficient pam_ascauth.so stats
account required pam_unix.so
password required pam_ascauth.so stats
password required pam_pwcheck.so nullok
password required pam_unix.so nullok use_first_pass use_authtok
obscure min=4 max=8 md5
session required pam_unix.so

I've verified that the passwords created by the fanout driver in
/etc/shadow are indeed DES. For instance if I change the password of
CSchmoe in Linux, it sets the shadow file to:

CSchmoe:$1$3yzzVtsz$dDf53Wsb4sm/8GYc6cVn21:13241:0:99999:7:::
DSchmoeGkWeGc3erKBo:13241:0:99999:7:::

A resync using
/usr/local/ASAM/bin/PlatformServices/PlatformReceiver/asamrcvr -f

CSchmoe:$1jjFGw.ZPik2:13241:0:99999:7:::
DSchmoeGkWeGc3erKBo:13241:0:99999:7:::

I'm using SLES 9 on my eDir server and Novell Linux Desktop 10 for the
workstation in test.