# PAM_PWHISTORY(8) - man - phpMan

[PAM_PWHISTORY(8)](https://www.chedong.com/phpMan.php/man/PAMPWHISTORY/8/markdown)                          Linux-PAM Manual                          [PAM_PWHISTORY(8)](https://www.chedong.com/phpMan.php/man/PAMPWHISTORY/8/markdown)



## NAME
       pam_pwhistory - PAM module to remember last passwords

## SYNOPSIS
       **pam**___**pwhistory.so** [debug] [use_authtok] [enforce_for_root] [remember=_N_] [retry=_N_]
                        [authtok_type=_STRING_]

## DESCRIPTION
       This module saves the last passwords for each user in order to force password change history
       and keep the user from alternating between the same password too frequently.

       This module does not work together with kerberos. In general, it does not make much sense to
       use this module in conjunction with NIS or LDAP, since the old passwords are stored on the
       local machine and are not available on another machine for password history checking.

## OPTIONS
### debug
           Turns on debugging via [**syslog**(3)](https://www.chedong.com/phpMan.php/man/syslog/3/markdown).

       **use**___**authtok**
           When password changing enforce the module to use the new password provided by a
           previously stacked **password** module (this is used in the example of the stacking of the
           **pam**___**cracklib** module documented below).

       **enforce**___**for**___**root**
           If this option is set, the check is enforced for root, too.

       **remember=**_N_
           The last _N_ passwords for each user are saved in /etc/security/opasswd. The default is _10_.
           Value of _0_ makes the module to keep the existing contents of the opasswd file unchanged.

       **retry=**_N_
           Prompt user at most _N_ times before returning with error. The default is _1_.

       **authtok**___**type=**_STRING_
           See **pam**___**get**___**[authtok**(3)](https://www.chedong.com/phpMan.php/man/authtok/3/markdown) for more details.

## MODULE TYPES PROVIDED
       Only the **password** module type is provided.

## RETURN VALUES
       PAM_AUTHTOK_ERR
           No new password was entered, the user aborted password change or new password couldn't be
           set.

       PAM_IGNORE
           Password history was disabled.

       PAM_MAXTRIES
           Password was rejected too often.

       PAM_USER_UNKNOWN
           User is not known to system.

## EXAMPLES
       An example password section would be:

           #%PAM-1.0
           password     required       pam_pwhistory.so
           password     required       pam_unix.so        use_authtok


       In combination with **pam**___**cracklib**:

           #%PAM-1.0
           password     required       pam_cracklib.so    retry=3
           password     required       pam_pwhistory.so   use_authtok
           password     required       pam_unix.so        use_authtok



## FILES
       /etc/security/opasswd
           File with password history

## SEE ALSO
       [**pam.conf**(5)](https://www.chedong.com/phpMan.php/man/pam.conf/5/markdown), [**pam.d**(5)](https://www.chedong.com/phpMan.php/man/pam.d/5/markdown), [**pam**(7)](https://www.chedong.com/phpMan.php/man/pam/7/markdown) **pam**___**get**___**[authtok**(3)](https://www.chedong.com/phpMan.php/man/authtok/3/markdown)

## AUTHOR
       pam_pwhistory was written by Thorsten Kukuk <<kukuk@thkukuk.de>>



Linux-PAM Manual                             06/08/2020                             [PAM_PWHISTORY(8)](https://www.chedong.com/phpMan.php/man/PAMPWHISTORY/8/markdown)