/usr/share/doc/libpam-doc/html/sag-pam_pwhistory.html is in libpam-doc 1.1.3-7ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>6.25. pam_pwhistory - grant access using .pwhistory file</title><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter 6. A reference guide for available modules"><link rel="prev" href="sag-pam_permit.html" title="6.24. pam_permit - the promiscuous module"><link rel="next" href="sag-pam_rhosts.html" title="6.26. pam_rhosts - grant access using .rhosts file"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.25. pam_pwhistory - grant access using .pwhistory file</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_permit.html">Prev</a> </td><th width="60%" align="center">Chapter 6. A reference guide for available modules</th><td width="20%" align="right"> <a accesskey="n" href="sag-pam_rhosts.html">Next</a></td></tr></table><hr></div><div class="section" title="6.25. pam_pwhistory - grant access using .pwhistory file"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_pwhistory"></a>6.25. pam_pwhistory - grant access using .pwhistory file</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_pwhistory.so</code> [
debug
] [
use_authtok
] [
enforce_for_root
] [
remember=<em class="replaceable"><code>N</code></em>
] [
retry=<em class="replaceable"><code>N</code></em>
] [
authtok_type=<em class="replaceable"><code>STRING</code></em>
]</p></div><div class="section" title="6.25.1. DESCRIPTION"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_pwhistory-description"></a>6.25.1. DESCRIPTION</h3></div></div></div><p>
This module saves the last passwords for each user in order
to force password change history and keep the user from
alternating between the same password too frequently.
</p><p>
This module does not work together with kerberos. In general,
it does not make much sense to use this module in conjunction
with NIS or LDAP, since the old passwords are stored on the
local machine and are not available on another machine for
password history checking.
</p></div><div class="section" title="6.25.2. OPTIONS"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_pwhistory-options"></a>6.25.2. OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
Turns on debugging via
<span class="citerefentry"><span class="refentrytitle">syslog</span>(3)</span>.
</p></dd><dt><span class="term">
<code class="option">use_authtok</code>
</span></dt><dd><p>
When password changing enforce the module to use the new password
provided by a previously stacked <code class="option">password</code>
module (this is used in the example of the stacking of the
<span class="command"><strong>pam_cracklib</strong></span> module documented below).
</p></dd><dt><span class="term">
<code class="option">enforce_for_root</code>
</span></dt><dd><p>
If this option is set, the check is enforced for root, too.
</p></dd><dt><span class="term">
<code class="option">remember=<em class="replaceable"><code>N</code></em></code>
</span></dt><dd><p>
The last <em class="replaceable"><code>N</code></em> passwords for each
user are saved in <code class="filename">/etc/security/opasswd</code>.
The default is <span class="emphasis"><em>10</em></span>.
</p></dd><dt><span class="term">
<code class="option">retry=<em class="replaceable"><code>N</code></em></code>
</span></dt><dd><p>
Prompt user at most <em class="replaceable"><code>N</code></em> times
before returning with error. The default is
<span class="emphasis"><em>1</em></span>.
</p></dd><dt><span class="term">
<code class="option">authtok_type=<em class="replaceable"><code>STRING</code></em></code>
</span></dt><dd><p>
See <span class="citerefentry"><span class="refentrytitle">pam_get_authtok</span>(3)</span> for more details.
</p></dd></dl></div></div><div class="section" title="6.25.3. MODULE TYPES PROVIDED"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_pwhistory-types"></a>6.25.3. MODULE TYPES PROVIDED</h3></div></div></div><p>
Only the <code class="option">password</code> module type is provided.
</p></div><div class="section" title="6.25.4. RETURN VALUES"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_pwhistory-return_values"></a>6.25.4. RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTHTOK_ERR</span></dt><dd><p>
No new password was entered, the user aborted password
change or new password couldn't be set.
</p></dd><dt><span class="term">PAM_IGNORE</span></dt><dd><p>
Password history was disabled.
</p></dd><dt><span class="term">PAM_MAXTRIES</span></dt><dd><p>
Password was rejected too often.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User is not known to system.
</p></dd></dl></div></div><div class="section" title="6.25.5. FILES"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_pwhistory-files"></a>6.25.5. FILES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term"><code class="filename">/etc/security/opasswd</code></span></dt><dd><p>File with password history</p></dd></dl></div></div><div class="section" title="6.25.6. EXAMPLES"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_pwhistory-examples"></a>6.25.6. EXAMPLES</h3></div></div></div><p>
An example password section would be:
</p><pre class="programlisting">
#%PAM-1.0
password required pam_pwhistory.so
password required pam_unix.so use_authtok
</pre><p>
</p><p>
In combination with <span class="command"><strong>pam_cracklib</strong></span>:
</p><pre class="programlisting">
#%PAM-1.0
password required pam_cracklib.so retry=3
password required pam_pwhistory.so use_authtok
password required pam_unix.so use_authtok
</pre><p>
</p></div><div class="section" title="6.25.7. AUTHOR"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_pwhistory-author"></a>6.25.7. AUTHOR</h3></div></div></div><p>
pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de>
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-pam_permit.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sag-module-reference.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sag-pam_rhosts.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.24. pam_permit - the promiscuous module </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top"> 6.26. pam_rhosts - grant access using .rhosts file</td></tr></table></div></body></html>
|