The pam_smbpass.so module provided with Samba is useful for keeping Unix and Windows passwords synchronized. The module must currently be installed manually and one must take care to avoid use of system-config-authentication which will remove it. authconfig-5.0.1-1 in today's Fedora Development lacks the string "smbpass" so I'm assuming no support is present in the latest version. An example of how to install the module in system-auth can be found in the following post, with the caveat that one must use 0.76 or later due to a bug in pam_unix. http://lists.samba.org/archive/samba-technical/2001-July/015339.html One should be able to use the module in both the auth and password sections. The module documentation can be found here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html
A working example, from my Fedora Core 2 server: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth requisite /lib/security/$ISA/pam_unix.so likeauth nullok auth optional /lib/security/$ISA/pam_smbpass.so migrate auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal auth required /lib/security/$ISA/pam_deny.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 account required /lib/security/$ISA/pam_unix.so account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type= password requisite /lib/security/$ISA/pam_smbpass.so nullok use_authtok smbconf=/etc/samba/smb.conf password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok try_first_pass md5 shadow password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_ldap.so
A valid enhancement request.