diff options
Diffstat (limited to 'modules/pam_pwhistory/README')
-rw-r--r-- | modules/pam_pwhistory/README | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/modules/pam_pwhistory/README b/modules/pam_pwhistory/README new file mode 100644 index 0000000..1634249 --- /dev/null +++ b/modules/pam_pwhistory/README @@ -0,0 +1,66 @@ +pam_pwhistory — PAM module to remember last passwords + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +This module saves the last passwords for each user in order to force password +change history and keep the user from alternating between the same password too +frequently. + +This module does not work together with kerberos. In general, it does not make +much sense to use this module in conjunction with NIS or LDAP, since the old +passwords are stored on the local machine and are not available on another +machine for password history checking. + +OPTIONS + +debug + + Turns on debugging via syslog(3). + +use_authtok + + When password changing enforce the module to use the new password provided + by a previously stacked password module (this is used in the example of the + stacking of the pam_cracklib module documented below). + +enforce_for_root + + If this option is set, the check is enforced for root, too. + +remember=N + + The last N passwords for each user are saved in /etc/security/opasswd. The + default is 10. Value of 0 makes the module to keep the existing contents of + the opasswd file unchanged. + +retry=N + + Prompt user at most N times before returning with error. The default is 1. + +authtok_type=STRING + + See pam_get_authtok(3) for more details. + +EXAMPLES + +An example password section would be: + +#%PAM-1.0 +password required pam_pwhistory.so +password required pam_unix.so use_authtok + + +In combination with pam_cracklib: + +#%PAM-1.0 +password required pam_cracklib.so retry=3 +password required pam_pwhistory.so use_authtok +password required pam_unix.so use_authtok + + +AUTHOR + +pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> + |