The name of a program that can be used to check password complexity. The password is sent to the program's standard input. The program must return 0 on a good password, or any other value if the password is bad. In case the password is considered weak (the program does not return 0) the user will be notified and the password change will fail. In Samba AD, this script will be run AS ROOT by samba 8 without any substitutions. Note that starting with Samba 4.11 the following environment variables are exported to the script: SAMBA_CPS_ACCOUNT_NAME is always present and contains the sAMAccountName of user, the is the same as the %u substitutions in the none AD DC case. SAMBA_CPS_USER_PRINCIPAL_NAME is optional in the AD DC case if the userPrincipalName is present. SAMBA_CPS_FULL_NAME is optional if the displayName is present. Note: In the example directory is a sample program called crackcheck that uses cracklib to check the password quality. Disabled /usr/local/sbin/crackcheck