<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">

<refentry id="pwhistory.conf">

  <refmeta>
    <refentrytitle>pwhistory.conf</refentrytitle>
    <manvolnum>5</manvolnum>
    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
  </refmeta>

  <refnamediv id="pwhistory.conf-name">
    <refname>pwhistory.conf</refname>
    <refpurpose>pam_pwhistory configuration file</refpurpose>
  </refnamediv>

  <refsect1 id="pwhistory.conf-description">

    <title>DESCRIPTION</title>
    <para>
       <emphasis remap='B'>pwhistory.conf</emphasis> provides a way to configure the
       default settings for saving the last passwords for each user.
       This file is read by the <emphasis>pam_pwhistory</emphasis> module and is
       preferred over configuring <emphasis>pam_pwhistory</emphasis> directly.
    </para>
    <para>
       The file has a very simple <emphasis>name = value</emphasis> format, with optional comments
       starting with the <emphasis>#</emphasis> character. Whitespace at the beginning of a line, at the end
       of a line, and around the <emphasis>=</emphasis> sign is ignored.
    </para>
  </refsect1>

  <refsect1 id="pwhistory.conf-options">

    <title>OPTIONS</title>
         <variablelist>
            <varlistentry>
              <term>
                <option>debug</option>
              </term>
              <listitem>
                <para>
                  Turns on debugging via
                  <citerefentry>
                    <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
                  </citerefentry>.
                </para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>
                <option>enforce_for_root</option>
              </term>
              <listitem>
                <para>
                  If this option is set, the check is enforced for root, too.
                </para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>
                <option>remember=<replaceable>N</replaceable></option>
              </term>
              <listitem>
                <para>
                  The last <replaceable>N</replaceable> passwords for each
                  user are saved.
                  The default is <emphasis>10</emphasis>. A value of
                  <emphasis>0</emphasis> makes the module keep the existing
                  contents of the <filename>opasswd</filename> file unchanged.
                </para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>
                <option>retry=<replaceable>N</replaceable></option>
              </term>
              <listitem>
                <para>
                  Prompt the user at most <replaceable>N</replaceable> times
                  before returning with an error. The default is 1.
                </para>
              </listitem>
            </varlistentry>
            <varlistentry>
              <term>
                <option>file=<replaceable>/path/filename</replaceable></option>
              </term>
              <listitem>
                <para>
                  Store password history in file
                  <replaceable>/path/filename</replaceable> rather than the default
                  location. The default location is
	                <filename>/etc/security/opasswd</filename>.
                </para>
              </listitem>
            </varlistentry>
        </variablelist>
  </refsect1>

  <refsect1 id='pwhistory.conf-examples'>
    <title>EXAMPLES</title>
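    <para>
      /etc/security/pwhistory.conf file example. The
      <filename>/tmp/opasswd</filename> path below only illustrates the
      <option>file</option> syntax; because the history file holds old
      password hashes, keep it in a directory that only root can write to,
      such as the default <filename>/etc/security/opasswd</filename>:
    </para>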
    <programlisting>
debug
remember=5
file=/tmp/opasswd
    </programlisting>
  </refsect1>

  <refsect1 id="pwhistory.conf-files">
    <title>FILES</title>
    <variablelist>
      <varlistentry>
        <term><filename>/etc/security/pwhistory.conf</filename></term>
        <listitem>
          <para>the config file for custom options</para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='pwhistory.conf-see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
        <refentrytitle>pwhistory</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>

  <refsect1 id='pwhistory.conf-author'>
    <title>AUTHOR</title>
      <para>
        pam_pwhistory was written by Thorsten Kukuk. The support for
        pwhistory.conf was written by Iker Pedrosa.
      </para>
  </refsect1>

</refentry>