I have may missed this in all the traffic, but has anyone checked the PAM entry? This is what actually counts; the other files are used by administrative tools to configure PAM % grep ^password /etc/pam.d/system-auth password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so The "md5" word there is what tells the password command to use md5 encryption -- rgds Stephen