This configuration parameter specifies whether to include the UNIX password hash in response to the getpw* commands. The parameter value can be true or false. The default value for the parameter is false because the password hash is sensitive information and can make a system vulnerable to a brute-force attack. However, if you have applications, such as Informix, that validate users based on the password hash retrieved from NSS, you can set this parameter to true to accommodate those applications.

If you set this parameter to true, you must also install a password synchronization service on all of the domain controllers in the domain. The password synchronization service can be the Centrify Password Filter, or the Password Synchronization Service provided by Microsoft in Windows Server 2003 R2 or in the Microsoft Services for UNIX (SFU) package.
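To confirm what the getpw* interface actually returns on a host after changing this parameter, the following audit script classifies the password field of each passwd entry. It is an added example, not Centrify code; the account names and hash strings in `SAMPLE` are constructed, and it relies on Python's standard `pwd` module, which reads entries through NSS.

```python
import pwd
import re

# Modular crypt format: $id$[params$]salt$hash (e.g. $1$, $5$, $6$, $2b$, $y$)
MCF = re.compile(r"^\$[0-9A-Za-z-]+\$.+")
# Traditional DES crypt: exactly 13 characters from the crypt alphabet
DES = re.compile(r"^[./0-9A-Za-z]{13}$")
# BSDi extended DES: underscore followed by 19 crypt-alphabet characters
BSDI = re.compile(r"^_[./0-9A-Za-z]{19}$")


def classify(field):
    """Return 'empty', 'hash' or 'placeholder' for a passwd password field."""
    if field == "":
        return "empty"
    # A locked account keeps its hash behind one or more '!' characters.
    candidate = field.lstrip("!")
    if MCF.match(candidate) or DES.match(candidate) or BSDI.match(candidate):
        return "hash"
    return "placeholder"  # e.g. x, *, !!, *LK*


def exposed_accounts(entries):
    """entries: iterable of (name, password_field); return names exposing a hash."""
    return [name for name, field in entries if classify(field) == "hash"]


def live_entries():
    """Everything NSS returns through getpwent() on this host."""
    return [(p.pw_name, p.pw_passwd) for p in pwd.getpwall()]


# Constructed sample entries (not real hashes), used to show the classification.
SAMPLE = [
    ("root", "x"),
    ("svc_ifx", "$6$constructedsalt$" + "A" * 86),
    ("legacy", "ab" + "C" * 11),
    ("locked", "!$6$constructedsalt$" + "B" * 86),
    ("nologin", "*"),
    ("blank", ""),
]

if __name__ == "__main__":
    print("sample:", exposed_accounts(SAMPLE))
    print("this host:", exposed_accounts(live_entries()))
```

Run it as an unprivileged user: with the parameter at its default of false, the "this host" list should contain no accounts served by the agent.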