pam_pwhistory enforces password history on root when resetting a non-root user's password

Solution Verified - Updated -

Issue

When pam_pwhistory is in use, root is forced to pick a password that is not in the user's history when changing that user's password.

For example:

  • Insert the following in /etc/pam.d/system-auth-ac (after the pam_cracklib.so line, if present):

    password    requisite     pam_pwhistory.so remember=6 use_authtok

  • Attempt to change the password of a normal user:

    [root@rhel57 ~]# passwd test
    <Enter already used password>

Actual results:

Changing password for user test.
New UNIX password: 
Retype new UNIX password: 
Password has been already used. Choose another.
passwd: Have exhausted maximum number of retries for service

Expected results:

Changing password for user test.
New UNIX password: 
Retype new UNIX password: 
Password has been already used.
passwd: all authentication tokens updated successfully.
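
Before attributing the behaviour above to the module itself, it helps to confirm which pam_pwhistory options are actually set in the stack. The following is an added example, not part of the Red Hat article: it lists each pam_pwhistory line in a PAM file with its control flag, remember value, and whether use_authtok or enforce_for_root is set. enforce_for_root is an option documented in upstream pam_pwhistory(8) that does not appear on this page; the function names and the sample stack are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise pam_pwhistory lines in a PAM stack file.
# Prints one line per match; returns 1 if the module is not configured.
pwhistory_audit() {
    awk '
    /^[ \t]*#/ || $1 != "password" { next }   # only the password stack
    {
        pos++                                  # position within the stack
        mod = 0                                # field index of the module
        for (i = 3; i <= NF; i++) if ($i ~ /\.so$/) { mod = i; break }
        if (!mod || $mod !~ /pam_pwhistory\.so$/) next
        control = $2                           # may be a bracketed [a=b c=d]
        for (i = 3; i < mod; i++) control = control " " $i
        remember = "default"; root = "no"; authtok = "no"
        for (i = mod + 1; i <= NF; i++) {
            if ($i ~ /^remember=[0-9]+$/) remember = substr($i, 10)
            else if ($i == "enforce_for_root") root = "yes"
            else if ($i == "use_authtok") authtok = "yes"
        }
        printf "line=%d position=%d control=%s remember=%s use_authtok=%s enforce_for_root=%s\n", NR, pos, control, remember, authtok, root
        found = 1
    }
    END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample stack containing the line from this article.
pwhistory_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#%PAM-1.0
password    requisite     pam_cracklib.so try_first_pass retry=3
password    requisite     pam_pwhistory.so remember=6 use_authtok
password    sufficient    pam_unix.so md5 shadow use_authtok
password    required      pam_deny.so
EOF
    pwhistory_audit "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}
```

On a live system, call `pwhistory_audit /etc/pam.d/system-auth-ac`; the position field shows where the module sits relative to the other password modules.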

Environment

  • Red Hat Enterprise Linux (RHEL) 5.8, 6.3
  • pam-0.99.6.2-6.el5_5.2
  • pam-1.1.1-10.el6
