| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- pam_pwhistory — PAM module to remember last passwords
- ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- DESCRIPTION
- This module saves the last passwords for each user in order to force password
- change history and keep the user from alternating between the same password too
- frequently.
- This module does not work together with kerberos. In general, it does not make
- much sense to use this module in conjunction with NIS or LDAP, since the old
- passwords are stored on the local machine and are not available on another
- machine for password history checking.
- OPTIONS
- debug
- Turns on debugging via syslog(3).
- use_authtok
- When password changing enforce the module to use the new password provided
- by a previously stacked password module (this is used in the example of the
- stacking of the pam_passwdqc module documented below).
- enforce_for_root
- If this option is set, the check is enforced for root, too.
- remember=N
- The last N passwords for each user are saved in /etc/security/opasswd. The
- default is 10. Value of 0 makes the module to keep the existing contents of
- the opasswd file unchanged.
- retry=N
- Prompt user at most N times before returning with error. The default is 1.
- authtok_type=STRING
- See pam_get_authtok(3) for more details.
- EXAMPLES
- An example password section would be:
- #%PAM-1.0
- password required pam_pwhistory.so
- password required pam_unix.so use_authtok
- In combination with pam_passwdqc:
- #%PAM-1.0
- password required pam_passwdqc.so config=/etc/passwdqc.conf
- password required pam_pwhistory.so use_authtok
- password required pam_unix.so use_authtok
- AUTHOR
- pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de>
|
