From de848d9e9146434817c65d74d1d0313e9d729462 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 27 Apr 2024 14:01:37 +0200
Subject: Adding upstream version 1.4.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 modules/pam_pwhistory/pam_pwhistory.8.xml | 247 ++++++++++++++++++++++++++++++
 1 file changed, 247 insertions(+)
 create mode 100644 modules/pam_pwhistory/pam_pwhistory.8.xml

(limited to 'modules/pam_pwhistory/pam_pwhistory.8.xml')

diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
new file mode 100644
index 0000000..9e1056b
--- /dev/null
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -0,0 +1,247 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_pwhistory">
+
+  <refmeta>
+    <refentrytitle>pam_pwhistory</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_pwhistory-name">
+    <refname>pam_pwhistory</refname>
+    <refpurpose>PAM module to remember last passwords</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_pwhistory-cmdsynopsis">
+      <command>pam_pwhistory.so</command>
+      <arg choice="opt">
+        debug
+      </arg>
+      <arg choice="opt">
+        use_authtok
+      </arg>
+      <arg choice="opt">
+        enforce_for_root
+      </arg>
+      <arg choice="opt">
+        remember=<replaceable>N</replaceable>
+      </arg>
+      <arg choice="opt">
+        retry=<replaceable>N</replaceable>
+      </arg>
+      <arg choice="opt">
+        authtok_type=<replaceable>STRING</replaceable>
+      </arg>
+
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_pwhistory-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      This module saves the last passwords for each user in order
+      to force password change history and keep the user from
+      alternating between the same password too frequently.
+    </para>
+    <para>
+      This module does not work together with kerberos. In general,
+      it does not make much sense to use this module in conjunction
+      with NIS or LDAP, since the old passwords are stored on the
+      local machine and are not available on another machine for
+      password history checking.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_pwhistory-options">
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+        <term>
+          <option>debug</option>
+        </term>
+        <listitem>
+          <para>
+            Turns on debugging via
+            <citerefentry>
+              <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+            </citerefentry>.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>use_authtok</option>
+        </term>
+        <listitem>
+          <para>
+           When password changing enforce the module to use the new password
+           provided by a previously stacked <option>password</option>
+           module (this is used in the example of the stacking of the
+           <command>pam_cracklib</command> module documented below).
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>enforce_for_root</option>
+        </term>
+        <listitem>
+          <para>
+            If this option is set, the check is enforced for root, too.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>remember=<replaceable>N</replaceable></option>
+        </term>
+        <listitem>
+          <para>
+            The last <replaceable>N</replaceable> passwords for each
+            user are saved in <filename>/etc/security/opasswd</filename>.
+            The default is <emphasis>10</emphasis>. Value of
+            <emphasis>0</emphasis> makes the module to keep the existing
+            contents of the <filename>opasswd</filename> file unchanged.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+          <term>
+            <option>retry=<replaceable>N</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+              Prompt user at most <replaceable>N</replaceable> times
+              before returning with error. The default is
+              <emphasis>1</emphasis>.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
+            <option>authtok_type=<replaceable>STRING</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+              See <citerefentry>
+	<refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum>
+      </citerefentry> for more details.
+            </para>
+          </listitem>
+        </varlistentry>
+
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_pwhistory-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      Only the <option>password</option> module type is provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_pwhistory-return_values'>
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+      <term>PAM_AUTHTOK_ERR</term>
+        <listitem>
+          <para>
+            No new password was entered, the user aborted password
+            change or new password couldn't be set.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_IGNORE</term>
+        <listitem>
+          <para>
+            Password history was disabled.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_MAXTRIES</term>
+        <listitem>
+          <para>
+            Password was rejected too often.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_USER_UNKNOWN</term>
+        <listitem>
+          <para>
+            User is not known to system.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_pwhistory-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      An example password section would be:
+      <programlisting>
+#%PAM-1.0
+password     required       pam_pwhistory.so
+password     required       pam_unix.so        use_authtok
+      </programlisting>
+    </para>
+    <para>
+     In combination with <command>pam_cracklib</command>:
+      <programlisting>
+#%PAM-1.0
+password     required       pam_cracklib.so    retry=3
+password     required       pam_pwhistory.so   use_authtok
+password     required       pam_unix.so        use_authtok
+      </programlisting>
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_pwhistory-files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/etc/security/opasswd</filename></term>
+        <listitem>
+          <para>File with password history</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_pwhistory-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+      <citerefentry>
+	<refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_pwhistory-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_pwhistory was written by Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;
+      </para>
+  </refsect1>
+
+</refentry>
-- 
cgit v1.2.3