path: root/modules/pam_unix/pam_unix.8
diff options
authorSteve Langasek <>2019-01-22 14:54:11 -0800
committerSteve Langasek <>2019-01-22 14:54:11 -0800
commitf00afb1ef201b2eef7f9ddbe5a0c6ca802cf49bb (patch)
tree402838c53047b0e21466a653ae88d86a8e4b7b65 /modules/pam_unix/pam_unix.8
parent795badba7f95e737f979917859cd32c9bd47bcad (diff)
parent1cad9fb2a0d729c5b5e5aa7297c521df7d5a2d33 (diff)
New upstream version 1.3.0
Diffstat (limited to 'modules/pam_unix/pam_unix.8')
1 files changed, 31 insertions, 6 deletions
diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
index 59d5f173..4ca84495 100644
--- a/modules/pam_unix/pam_unix.8
+++ b/modules/pam_unix/pam_unix.8
@@ -2,12 +2,12 @@
.\" Title: pam_unix
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <>
-.\" Date: 09/19/2013
+.\" Date: 04/19/2016
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
-.TH "PAM_UNIX" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_UNIX" "8" "04/19/2016" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -56,6 +56,10 @@ to work without being setuid\-root\&. The module, by default, will temporarily t
module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&.
+The maximum length of a password supported by the pam_unix module via the helper binary is
+\- currently 512 bytes\&. The rest of the password provided by the conversation function to the module will be ignored\&.
The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the
variable from
@@ -78,6 +82,12 @@ Turns on debugging via
A little more extreme than debug\&.
+.RS 4
+Turns off informational messages namely messages about session open and close via
.RS 4
The default action of this module is to not permit the user access to a service if their official password is blank\&. The
@@ -111,9 +121,9 @@ module (this is used in the example of the stacking of the
module documented below)\&.
.RS 4
-This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\&.
+This argument can be used to modify the password prompt when changing passwords to include the type of the password\&. Empty by default\&.
@@ -127,7 +137,7 @@ The last
passwords for each user are saved in
-in order to force password change history and keep the user from alternating between the same password too frequently\&. Instead of this option the
+in order to force password change history and keep the user from alternating between the same password too frequently\&. The MD5 password hash algorithm is used for storing the old passwords\&. Instead of this option the
module should be used\&.
@@ -186,6 +196,21 @@ Set a minimum password length of
characters\&. The max\&. for DES crypt based passwords are 8 characters\&.
+.RS 4
+When set ignore password expiration as defined by the
+entry of the user\&. The option has an effect only in case
+was not used for the authentication or it returned authentication failure meaning that other authentication source or method succeeded\&. The example can be public key authentication in
+\fIsshd\fR\&. The module will return
+instead of eventual
Invalid arguments are logged with
@@ -215,7 +240,7 @@ would be:
auth required pam_unix\&.so
# Ensure users account and password are still active
account required pam_unix\&.so
-# Change the users password, but at first check the strength
+# Change the user\*(Aqs password, but at first check the strength
# with pam_cracklib(8)
password required pam_cracklib\&.so retry=3 minlen=6 difok=3
password required pam_unix\&.so use_authtok nullok md5