Tuesday, April 1, 2008

How do I prevent the reuse of old passwords?

Resolution: The PAM module pam_unix.so can be configured to maintain a list of old passwords for every user, prohibiting the reuse of old passwords. The list is located in the /etc/security/opasswd file. This is not a plain text file, but should be protected the same as the /etc/shadow file. This feature is normally referred to as password history.

To remember the last 15 passwords, add the line below to the /etc/pam.d/system-auth file:


password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=15



You can replace the number 15 used above with any integer you want, to enforce your password security policy.
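To confirm the setting is actually in place, the following added example (not part of the original post) reads the remember= value from the pam_unix.so password line and compares the protection of the history file with that of the shadow file. The function names are hypothetical, and the sample line it runs on is a constructed copy of the line above.

```shell
#!/bin/sh
# Added audit sketch; function names are hypothetical, not part of PAM.

# Print the remember=N value from the pam_unix.so "password" line of PAM file $1.
# Returns non-zero when the option is absent (password history is off).
pam_remember_value() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        $1 == "password" && /pam_unix\.so/ {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    sub(/^remember=/, "", $i); print $i; found = 1; exit
                }
        }
        END { exit !found }
    ' "$1"
}

# Succeed only if PAM file $1 remembers at least $2 old passwords.
check_history() {
    val=$(pam_remember_value "$1") || {
        echo "FAIL: $1 has no remember= on its pam_unix.so password line"; return 1; }
    [ "$val" -ge "$2" ] || { echo "FAIL: remember=$val is below $2"; return 1; }
    echo "OK: remember=$val"
}

# Succeed only if $1 has the same mode, owner and group as $2
# (the history file should be protected the same as the shadow file).
same_protection() {
    a=$(ls -ldn "$1" 2>/dev/null | awk '{ sub(/[.+@]$/, "", $1); print $1, $3, $4 }')
    b=$(ls -ldn "$2" 2>/dev/null | awk '{ sub(/[.+@]$/, "", $1); print $1, $3, $4 }')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo on a constructed sample file holding the line from this page.
demo=$(mktemp)
printf '%s\n' '# constructed sample' \
  'password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=15' > "$demo"
check_history "$demo" 15
rm -f "$demo"

# On a live system (run as root):
#   check_history /etc/pam.d/system-auth 15
#   same_protection /etc/security/opasswd /etc/shadow || echo "FAIL: opasswd protection differs"
```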
