From dad5bd7c146a842e11da19c5715db117d62f5677 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 10 Oct 2008 06:53:45 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2008-10-10 Thorsten Kukuk * configure.in: add modules/pam_pwhistory/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml. * doc/sag/pam_pwhistory.xml: New. * libpam/pam_static_modules.h: Add pam_pwhistory data. * modules/Makefile.am: Add pam_pwhistory directory. * modules/pam_pwhistory/Makefile.am: New. * modules/pam_pwhistory/README.xml: New. * modules/pam_pwhistory/opasswd.c: New. * modules/pam_pwhistory/opasswd.h: New. * modules/pam_pwhistory/pam_pwhistory.8.xml: New. * modules/pam_pwhistory/pam_pwhistory.c: New. * modules/pam_pwhistory/tst-pam_pwhistory: New. * xtests/Makefile.am: New. * xtests/run-xtests.sh: New. * xtests/tst-pam_pwhistory1.c: New. * xtests/tst-pam_pwhistory1.pamd: New. * xtests/tst-pam_pwhistory1.sh: New. * po/POTFILES.in: Add modules/pam_pwhistory/. * po/de.po: Update translations. --- modules/pam_pwhistory/pam_pwhistory.8.xml | 226 ++++++++++++++++++++++++++++++ 1 file changed, 226 insertions(+) create mode 100644 modules/pam_pwhistory/pam_pwhistory.8.xml (limited to 'modules/pam_pwhistory/pam_pwhistory.8.xml') diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml new file mode 100644 index 00000000..26d6bd15 --- /dev/null +++ b/modules/pam_pwhistory/pam_pwhistory.8.xml @@ -0,0 +1,226 @@ + + + + + + + pam_pwhistory + 8 + Linux-PAM Manual + + + + pam_pwhistory + PAM module to remember last passwords + + + + + pam_pwhistory.so + + debug + + + use_authtok + + + enforce_for_root + + + remember=N + + + retry=N + + + + + + + + DESCRIPTION + + + This module saves the last passwords for each user in order + to force password change history and keep the user from + alternating between the same password too frequently. + + + This module does not work togehter with kerberos. In general, + it does not make much sense to use this module in conjuction + with NIS or LDAP, since the old passwords are stored on the + local machine and are not available on another machine for + password history checking. + + + + + OPTIONS + + + + + + + + Turns on debugging via + + syslog3 + . + + + + + + + + + + When password changing enforce the module to use the new password + provided by a previously stacked + module (this is used in the example of the stacking of the + pam_cracklib module documented below). + + + + + + + + + + If this option is set, the check is enforced for root, too. + + + + + + + + + + The last N passwords for each + user are saved in /etc/security/opasswd. + The default is 10. + + + + + + + + + + Prompt user at most N times + before returning with error. The default is + 1. + + + + + + + + + MODULE TYPES PROVIDED + + Only the module type is provided. + + + + + RETURN VALUES + + + PAM_AUTHTOK_ERR + + + No new password was entered, the user aborted password + change or new password couldn't be set. + + + + + PAM_IGNORE + + + Password history was disabled. + + + + + PAM_MAXTRIES + + + Password was rejected too often. + + + + + PAM_USER_UNKNOWN + + + User is not known to system. + + + + + + + + EXAMPLES + + An example password section would be: + +#%PAM-1.0 +password required pam_pwhistory.so +password required pam_unix.so use_authtok + + + + In combination with pam_cracklib: + +#%PAM-1.0 +password required pam_cracklib.so retry=3 +password required pam_pwhistory.so use_authtok +password required pam_unix.so use_authtok + + + + + + FILES + + + /etc/security/opasswd + + File with password history + + + + + + + SEE ALSO + + + pam.conf5 + , + + pam.d5 + , + + pam8 + + + + + + AUTHOR + + pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> + + + + -- cgit v1.2.3