-diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml
---- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback 2011-06-21 11:04:56.000000000 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml 2012-05-09 11:54:34.442036404 +0200
-@@ -265,11 +265,10 @@
- <listitem>
- <para>
- When a user changes their password next,
-- encrypt it with the SHA256 algorithm. If the
-- SHA256 algorithm is not known to the <citerefentry>
-+ encrypt it with the SHA256 algorithm. The
-+ SHA256 algorithm must be supported by the <citerefentry>
- <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-- </citerefentry> function,
-- fall back to MD5.
-+ </citerefentry> function.
- </para>
- </listitem>
- </varlistentry>
-@@ -280,11 +279,10 @@
- <listitem>
- <para>
- When a user changes their password next,
-- encrypt it with the SHA512 algorithm. If the
-- SHA512 algorithm is not known to the <citerefentry>
-+ encrypt it with the SHA512 algorithm. The
-+ SHA512 algorithm must be supported by the <citerefentry>
- <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-- </citerefentry> function,
-- fall back to MD5.
-+ </citerefentry> function.
- </para>
- </listitem>
- </varlistentry>
-@@ -295,11 +293,10 @@
- <listitem>
- <para>
- When a user changes their password next,
-- encrypt it with the blowfish algorithm. If the
-- blowfish algorithm is not known to the <citerefentry>
-+ encrypt it with the blowfish algorithm. The
-+ blowfish algorithm must be supported by the <citerefentry>
- <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-- </citerefentry> function,
-- fall back to MD5.
-+ </citerefentry> function.
- </para>
- </listitem>
- </varlistentry>
-diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c
---- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback 2012-05-09 11:48:12.409632377 +0200
-+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c 2012-05-09 11:48:36.953172291 +0200
-@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has
- if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
- /* libxcrypt/libc doesn't know the algorithm, use MD5 */
- pam_syslog(pamh, LOG_ERR,
-- "Algo %s not supported by the crypto backend, "
-- "falling back to MD5\n",
-+ "Algo %s not supported by the crypto backend.\n",
- on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
- on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
- on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
- if(sp) {
- memset(sp, '\0', strlen(sp));
- }
-- return crypt_md5_wrapper(password);
-+ return NULL;
- }
-
- return x_strdup(sp);