2 files changed, 31 insertions, 0 deletions

diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index 62848666..d83d8d97 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -251,6 +251,21 @@ password     required       pam_unix.so        use_authtok
           <para>Default file with password history</para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><filename>/etc/security/pwhistory.conf</filename></term>
+        <listitem>
+          <para>Config file for pam_pwhistory options</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry condition="with_vendordir">
+        <term><filename>%vendordir%/security/pwhistory.conf</filename></term>
+        <listitem>
+          <para>
+            Config file for pam_pwhistory options. It will be used if
+            <filename>/etc/security/pwhistory.conf</filename> does not exist.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
diff --git a/modules/pam_pwhistory/pwhistory_config.c b/modules/pam_pwhistory/pwhistory_config.c
index b21879c6..692cf80e 100644
--- a/modules/pam_pwhistory/pwhistory_config.c
+++ b/modules/pam_pwhistory/pwhistory_config.c
@@ -39,6 +39,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
+#include <sys/stat.h>
 
 #include <security/pam_modutil.h>
 
@@ -47,6 +48,10 @@
 
 #define PWHISTORY_DEFAULT_CONF SCONFIGDIR "/pwhistory.conf"
 
+#ifdef VENDOR_SCONFIGDIR
+#define VENDOR_PWHISTORY_DEFAULT_CONF (VENDOR_SCONFIGDIR "/pwhistory.conf")
+#endif
+
 void
 parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
                   struct options_t *options)
@@ -65,6 +70,17 @@ parse_config_file(pam_handle_t *pamh, int argc, const char **argv,
 
     if (fname == NULL) {
         fname = PWHISTORY_DEFAULT_CONF;
+
+#ifdef VENDOR_PWHISTORY_DEFAULT_CONF
+        /*
+         * Check whether PWHISTORY_DEFAULT_CONF file is available.
+         * If it does not exist, fall back to VENDOR_PWHISTORY_DEFAULT_CONF file.
+         */
+        struct stat buffer;
+        if (stat(fname, &buffer) != 0 && errno == ENOENT) {
+            fname = VENDOR_PWHISTORY_DEFAULT_CONF;
+        }
+#endif
     }
 
     val = pam_modutil_search_key (pamh, fname, "debug");