This module saves the last passwords for each user in order to
force password change history and keep the user from alternating
between the same password too frequently.
This module does not work together with kerberos. In general, it
does not make much sense to use this module in conjunction with
NIS or LDAP, since the old passwords are stored on the local
machine and are not available on another machine for password
Turns on debugging via syslog(3).
When password changing enforce the module to use the new
password provided by a previously stacked password module
(this is used in the example of the stacking of the
pam_cracklib module documented below).
If this option is set, the check is enforced for root, too.
The last N passwords for each user are saved in
/etc/security/opasswd. The default is 10. Value of 0 makes
the module to keep the existing contents of the opasswd file
Prompt user at most N times before returning with error. The
default is 1.
See pam_get_authtok(3) for more details.
No new password was entered, the user aborted password change
or new password couldn't be set.
Password history was disabled.
Password was rejected too often.
User is not known to system.
This page is part of the linux-pam (Pluggable Authentication
Modules for Linux) project. Information about the project can be
found at ⟨http://www.linux-pam.org/⟩. If you have a bug report
for this manual page, see ⟨//www.linux-pam.org/⟩. This page was
obtained from the tarball Linux-PAM-1.3.0.tar.bz2 fetched from
⟨http://www.linux-pam.org/library/⟩ on 2021-04-01. If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to firstname.lastname@example.org
Linux-PAM Manual 04/01/2016 PAM_PWHISTORY(8)