Limit Password Reuse

Posted: August 7, 2013 in Uncategorized

As a system administrator, you can prevent normal (i.e. non-root) users from reusing their recent passwords. This is done with the remember option of the pam_unix.so PAM module. For example, if you don't want users to reuse their last 3 passwords, append remember=3 to the password line that uses the pam_unix.so module in the file /etc/pam.d/system-auth. Below is the relevant output from my /etc/pam.d/system-auth file:

[root@afzalkhan ~]# cat /etc/pam.d/system-auth |grep remember
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=3
[root@afzalkhan ~]#

All old passwords are stored in the /etc/security/opasswd file:

[root@afzalkhan ~]# cat /etc/security/opasswd
redhat:1008:2:$1$jhEGoUTv$Y/oF8sjP94Aa7JTLUH/Uf.,$1$9lDdc8O3$.MlOCHmHzDp8FHenBc413/
[root@afzalkhan ~]#
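
To check this setting across hosts, here is an added example (not part of the original post): a small Python audit that reports the remember= value on each password line using pam_unix.so and parses history entries in the user:uid:count:hash,hash layout shown above. The function names, the default threshold and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs, in the same formats as the two files shown above.
SAMPLE_PAM = """\
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=3
# password sufficient pam_unix.so remember=10
password required pam_deny.so
"""
SAMPLE_OPASSWD = """\
alice:1001:2:$1$EXAMPLE1$AAAAAAAAAAAAAAAAAAAAA.,$1$EXAMPLE1$BBBBBBBBBBBBBBBBBBBBB/
bob:1002:3:$1$EXAMPLE1$CCCCCCCCCCCCCCCCCCCCC.
"""

def remember_settings(pam_text):
    """Return [(line_no, remember or None)] for each password line using pam_unix.so."""
    found = []
    for no, line in enumerate(pam_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()          # drop comments, then tokenize
        if not fields or fields[0].lstrip("-") != "password":
            continue
        idx = [i for i, f in enumerate(fields) if f.rsplit("/", 1)[-1] == "pam_unix.so"]
        if idx:
            m = re.search(r"(?:^| )remember=(\d+)(?= |$)", " ".join(fields[idx[0] + 1:]))
            found.append((no, int(m.group(1)) if m else None))
    return found

def parse_opasswd(text):
    """Return {user: (uid, count_field, [hashes])} from opasswd-style lines."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            user, uid, count, hashes = line.strip().split(":", 3)
            entries[user] = (int(uid), int(count), [h for h in hashes.split(",") if h])
    return entries

def audit(pam_text, opasswd_text, minimum=3):
    """List findings: missing or low remember=, and inconsistent history entries."""
    findings = []
    settings = remember_settings(pam_text)
    if not settings:
        findings.append("no password line uses pam_unix.so")
    for no, value in settings:
        if value is None or value < minimum:
            findings.append(f"line {no}: remember={value} (want >= {minimum})")
    for user, (_, count, hashes) in parse_opasswd(opasswd_text).items():
        if count != len(hashes):
            findings.append(f"{user}: count field {count} but {len(hashes)} hashes stored")
    return findings
```

On a real host, pass the contents of /etc/pam.d/system-auth and /etc/security/opasswd (read as root) to audit() in place of the samples.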
