--- Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c.try-first-pass	2006-01-08 10:49:05.000000000 +0100

+++ Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c	2006-02-24 10:42:53.000000000 +0100

@@ -93,6 +93,7 @@

 	int low_credit;

 	int oth_credit;

 	int use_authtok;

+	int try_first_pass;

 	char prompt_type[BUFSIZ];

         char cracklib_dictpath[PATH_MAX];

 };

@@ -158,6 +159,10 @@

 		 opt->oth_credit = 0;

 	 } else if (!strncmp(*argv,"use_authtok",11)) {

 		 opt->use_authtok = 1;

+	 } else if (!strncmp(*argv,"use_first_pass",14)) {

+		 opt->use_authtok = 1;

+	 } else if (!strncmp(*argv,"try_first_pass",14)) {

+		 opt->try_first_pass = 1;

 	 } else if (!strncmp(*argv,"dictpath=",9)) {

 	     strncpy(opt->cracklib_dictpath, *argv+9,

 		     sizeof(opt->cracklib_dictpath) - 1);

@@ -559,7 +564,7 @@

          * set PAM_AUTHTOK and return

          */

-	if (options.use_authtok == 1) {

+	if (options.use_authtok == 1 || options.try_first_pass == 1) {

 	    const void *item = NULL;

 	    retval = pam_get_item(pamh, PAM_AUTHTOK, &item);

@@ -570,11 +575,13 @@

 	    } else if (item != NULL) {      /* we have a password! */

 		token1 = x_strdup(item);

 		item = NULL;

+		options.use_authtok = 1;    /* don't ask for the password again */

 	    } else {

 		retval = PAM_AUTHTOK_RECOVERY_ERR;         /* didn't work */

 	    }

-

-	} else {

+	}

+	

+	if (options.use_authtok != 1) {

             /* Prepare to ask the user for the first time */

             resp = NULL;

 	    retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,