summaryrefslogtreecommitdiff
path: root/modules/pam_pwhistory/pam_pwhistory.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_pwhistory/pam_pwhistory.8.xml')
-rw-r--r--modules/pam_pwhistory/pam_pwhistory.8.xml125
1 files changed, 89 insertions, 36 deletions
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index 9e1056b2..a5185fcb 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -1,46 +1,49 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_pwhistory">
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_pwhistory">
<refmeta>
<refentrytitle>pam_pwhistory</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ <refmiscinfo class="source">Linux-PAM</refmiscinfo>
+ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
- <refnamediv id="pam_pwhistory-name">
+ <refnamediv xml:id="pam_pwhistory-name">
<refname>pam_pwhistory</refname>
<refpurpose>PAM module to remember last passwords</refpurpose>
</refnamediv>
<refsynopsisdiv>
- <cmdsynopsis id="pam_pwhistory-cmdsynopsis">
+ <cmdsynopsis xml:id="pam_pwhistory-cmdsynopsis" sepchar=" ">
<command>pam_pwhistory.so</command>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
debug
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
use_authtok
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
enforce_for_root
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
remember=<replaceable>N</replaceable>
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
retry=<replaceable>N</replaceable>
</arg>
- <arg choice="opt">
+ <arg choice="opt" rep="norepeat">
authtok_type=<replaceable>STRING</replaceable>
</arg>
+ <arg choice="opt" rep="norepeat">
+ file=<replaceable>/path/filename</replaceable>
+ </arg>
+ <arg choice="opt" rep="norepeat">
+ conf=<replaceable>/path/to/config-file</replaceable>
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1 id="pam_pwhistory-description">
+ <refsect1 xml:id="pam_pwhistory-description">
<title>DESCRIPTION</title>
@@ -58,12 +61,12 @@
</para>
</refsect1>
- <refsect1 id="pam_pwhistory-options">
+ <refsect1 xml:id="pam_pwhistory-options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
- <option>debug</option>
+ debug
</term>
<listitem>
<para>
@@ -76,20 +79,20 @@
</varlistentry>
<varlistentry>
<term>
- <option>use_authtok</option>
+ use_authtok
</term>
<listitem>
<para>
When password changing enforce the module to use the new password
provided by a previously stacked <option>password</option>
module (this is used in the example of the stacking of the
- <command>pam_cracklib</command> module documented below).
+ <command>pam_passwdqc</command> module documented below).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>enforce_for_root</option>
+ enforce_for_root
</term>
<listitem>
<para>
@@ -99,12 +102,12 @@
</varlistentry>
<varlistentry>
<term>
- <option>remember=<replaceable>N</replaceable></option>
+ remember=N
</term>
<listitem>
<para>
The last <replaceable>N</replaceable> passwords for each
- user are saved in <filename>/etc/security/opasswd</filename>.
+ user are saved.
The default is <emphasis>10</emphasis>. Value of
<emphasis>0</emphasis> makes the module to keep the existing
contents of the <filename>opasswd</filename> file unchanged.
@@ -113,7 +116,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>retry=<replaceable>N</replaceable></option>
+ retry=N
</term>
<listitem>
<para>
@@ -126,7 +129,7 @@
<varlistentry>
<term>
- <option>authtok_type=<replaceable>STRING</replaceable></option>
+ authtok_type=STRING
</term>
<listitem>
<para>
@@ -137,17 +140,49 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ file=/path/filename
+ </term>
+ <listitem>
+ <para>
+ Store password history in file <filename>/path/filename</filename>
+ rather than the default location. The default location is
+ <filename>/etc/security/opasswd</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ conf=/path/to/config-file
+ </term>
+ <listitem>
+ <para>
+ Use another configuration file instead of the default
+ <filename>/etc/security/pwhistory.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
+ <para>
+ The options for configuring the module behavior are described in the
+ <citerefentry><refentrytitle>pwhistory.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> manual page. The options
+ specified on the module command line override the values from the
+ configuration file.
+ </para>
</refsect1>
- <refsect1 id="pam_pwhistory-types">
+ <refsect1 xml:id="pam_pwhistory-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>password</option> module type is provided.
</para>
</refsect1>
- <refsect1 id='pam_pwhistory-return_values'>
+ <refsect1 xml:id="pam_pwhistory-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
@@ -186,7 +221,7 @@
</variablelist>
</refsect1>
- <refsect1 id='pam_pwhistory-examples'>
+ <refsect1 xml:id="pam_pwhistory-examples">
<title>EXAMPLES</title>
<para>
An example password section would be:
@@ -197,39 +232,57 @@ password required pam_unix.so use_authtok
</programlisting>
</para>
<para>
- In combination with <command>pam_cracklib</command>:
+ In combination with <command>pam_passwdqc</command>:
<programlisting>
#%PAM-1.0
-password required pam_cracklib.so retry=3
+password required pam_passwdqc.so config=/etc/passwdqc.conf
password required pam_pwhistory.so use_authtok
password required pam_unix.so use_authtok
</programlisting>
</para>
</refsect1>
- <refsect1 id="pam_pwhistory-files">
+ <refsect1 xml:id="pam_pwhistory-files">
<title>FILES</title>
<variablelist>
<varlistentry>
- <term><filename>/etc/security/opasswd</filename></term>
+ <term>/etc/security/opasswd</term>
<listitem>
- <para>File with password history</para>
+ <para>Default file with password history</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>Config file for pam_pwhistory options</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry condition="with_vendordir">
+ <term><filename>%vendordir%/security/pwhistory.conf</filename></term>
+ <listitem>
+ <para>
+ Config file for pam_pwhistory options. It will be used if
+ <filename>/etc/security/pwhistory.conf</filename> does not exist.
+ </para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
- <refsect1 id='pam_pwhistory-see_also'>
+ <refsect1 xml:id="pam_pwhistory-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
+ <refentrytitle>pwhistory.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
</citerefentry>
<citerefentry>
<refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum>
@@ -237,11 +290,11 @@ password required pam_unix.so use_authtok
</para>
</refsect1>
- <refsect1 id='pam_pwhistory-author'>
+ <refsect1 xml:id="pam_pwhistory-author">
<title>AUTHOR</title>
<para>
pam_pwhistory was written by Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;
</para>
</refsect1>
-</refentry>
+</refentry> \ No newline at end of file