diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:01:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:01:37 +0000 |
commit | de848d9e9146434817c65d74d1d0313e9d729462 (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_pwhistory/README | |
parent | Initial commit. (diff) | |
download | pam-upstream.tar.xz pam-upstream.zip |
Adding upstream version 1.4.0.upstream/1.4.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | modules/pam_pwhistory/README | 66 | ||||
-rw-r--r-- | modules/pam_pwhistory/README.xml | 41 |
2 files changed, 107 insertions, 0 deletions
diff --git a/modules/pam_pwhistory/README b/modules/pam_pwhistory/README new file mode 100644 index 0000000..1634249 --- /dev/null +++ b/modules/pam_pwhistory/README @@ -0,0 +1,66 @@ +pam_pwhistory — PAM module to remember last passwords + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +This module saves the last passwords for each user in order to force password +change history and keep the user from alternating between the same password too +frequently. + +This module does not work together with kerberos. In general, it does not make +much sense to use this module in conjunction with NIS or LDAP, since the old +passwords are stored on the local machine and are not available on another +machine for password history checking. + +OPTIONS + +debug + + Turns on debugging via syslog(3). + +use_authtok + + When password changing enforce the module to use the new password provided + by a previously stacked password module (this is used in the example of the + stacking of the pam_cracklib module documented below). + +enforce_for_root + + If this option is set, the check is enforced for root, too. + +remember=N + + The last N passwords for each user are saved in /etc/security/opasswd. The + default is 10. Value of 0 makes the module to keep the existing contents of + the opasswd file unchanged. + +retry=N + + Prompt user at most N times before returning with error. The default is 1. + +authtok_type=STRING + + See pam_get_authtok(3) for more details. + +EXAMPLES + +An example password section would be: + +#%PAM-1.0 +password required pam_pwhistory.so +password required pam_unix.so use_authtok + + +In combination with pam_cracklib: + +#%PAM-1.0 +password required pam_cracklib.so retry=3 +password required pam_pwhistory.so use_authtok +password required pam_unix.so use_authtok + + +AUTHOR + +pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> + diff --git a/modules/pam_pwhistory/README.xml b/modules/pam_pwhistory/README.xml new file mode 100644 index 0000000..f048e32 --- /dev/null +++ b/modules/pam_pwhistory/README.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" +"http://www.docbook.org/xml/4.3/docbookx.dtd" +[ +<!-- +<!ENTITY pamaccess SYSTEM "pam_pwhistory.8.xml"> +--> +]> + +<article> + + <articleinfo> + + <title> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_pwhistory.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_pwhistory-name"]/*)'/> + </title> + + </articleinfo> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_pwhistory.8.xml" xpointer='xpointer(//refsect1[@id = "pam_pwhistory-description"]/*)'/> + </section> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_pwhistory.8.xml" xpointer='xpointer(//refsect1[@id = "pam_pwhistory-options"]/*)'/> + </section> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_pwhistory.8.xml" xpointer='xpointer(//refsect1[@id = "pam_pwhistory-examples"]/*)'/> + </section> + + <section> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" + href="pam_pwhistory.8.xml" xpointer='xpointer(//refsect1[@id = "pam_pwhistory-author"]/*)'/> + </section> + +</article> |