diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:38:36 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:38:36 +0000 |
| commit | 26367bfc399cb3862f94ddca8fce87f98f26d67e (patch) | |
| tree | ba3a4e02ed5ec62fe645dfa810c01d26decf591f /modules/pam_pwhistory/README | |
| parent | Initial commit. (diff) | |
| download | pam-upstream.tar.xz pam-upstream.zip | |
Adding upstream version 1.3.1.upstream/1.3.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/pam_pwhistory/README')
| -rw-r--r-- | modules/pam_pwhistory/README | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/modules/pam_pwhistory/README b/modules/pam_pwhistory/README new file mode 100644 index 0000000..1634249 --- /dev/null +++ b/modules/pam_pwhistory/README @@ -0,0 +1,66 @@ +pam_pwhistory — PAM module to remember last passwords + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +This module saves the last passwords for each user in order to force password +change history and keep the user from alternating between the same password too +frequently. + +This module does not work together with kerberos. In general, it does not make +much sense to use this module in conjunction with NIS or LDAP, since the old +passwords are stored on the local machine and are not available on another +machine for password history checking. + +OPTIONS + +debug + + Turns on debugging via syslog(3). + +use_authtok + + When password changing enforce the module to use the new password provided + by a previously stacked password module (this is used in the example of the + stacking of the pam_cracklib module documented below). + +enforce_for_root + + If this option is set, the check is enforced for root, too. + +remember=N + + The last N passwords for each user are saved in /etc/security/opasswd. The + default is 10. Value of 0 makes the module to keep the existing contents of + the opasswd file unchanged. + +retry=N + + Prompt user at most N times before returning with error. The default is 1. + +authtok_type=STRING + + See pam_get_authtok(3) for more details. + +EXAMPLES + +An example password section would be: + +#%PAM-1.0 +password required pam_pwhistory.so +password required pam_unix.so use_authtok + + +In combination with pam_cracklib: + +#%PAM-1.0 +password required pam_cracklib.so retry=3 +password required pam_pwhistory.so use_authtok +password required pam_unix.so use_authtok + + +AUTHOR + +pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> + |