pam_pwhistory enforces password history on root when resetting a non-root user's password

Solution Verified - Updated -

Issue

When pam_pwhistory is in use, root is forced to pick a password that is not in the user's history when changing that user's password.

For example:
  • Insert the following in /etc/pam.d/system-auth-ac (after the pam_cracklib.so line, if present):

password    requisite     pam_pwhistory.so remember=6 use_authtok

  • Attempt to change the password of a normal user:

[root@rhel57 ~]# passwd test
<Enter already used password>

Actual results:

Changing password for user test.
New UNIX password: 
Retype new UNIX password: 
Password has been already used. Choose another.
passwd: Have exhausted maximum number of retries for service

Expected results:

Changing password for user test.
New UNIX password: 
Retype new UNIX password: 
Password has been already used.
passwd: all authentication tokens updated successfully.
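
To find hosts that carry the configuration from the reproduction steps, the following audit is added here as an example (it is not Red Hat's code and not part of the original article): it reads a PAM service file and reports whether pam_pwhistory is in the password stack, its remember and use_authtok settings, and whether it sits after pam_cracklib. The function names and the sample stack are constructed; enforce_for_root is an option documented in the upstream pam_pwhistory man page, not something this page mentions.

```shell
#!/bin/sh
# Added example: audit the "password" stack of a PAM service file.
# audit_pwhistory and sample_stack are hypothetical names.

audit_pwhistory() {
    # Reads the file named in $1, or stdin when called without arguments.
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        { type = $1; sub(/^-/, "", type) }        # "-password" = optional module
        type != "password" { next }
        {
            pos++
            # The control field may be "[a=b c=d]", so search for the module token.
            for (i = 2; i <= NF; i++) if ($i ~ /pam_[a-z0-9_]+\.so$/) break
            if (i > NF) next
            if ($i ~ /pam_cracklib\.so$/) crack = pos
            if ($i ~ /pam_pwhistory\.so$/) {
                hist = pos; remember = "default"; tok = "no"; root = "no"
                for (j = i + 1; j <= NF; j++) {
                    if ($j ~ /^remember=/) remember = substr($j, 10)
                    if ($j == "use_authtok") tok = "yes"
                    if ($j == "enforce_for_root") root = "yes"
                }
            }
        }
        END {
            if (!hist) { print "pam_pwhistory=absent"; exit }
            # use_authtok reuses the password collected by an earlier module,
            # so pam_pwhistory should not come before pam_cracklib.
            order = (crack && hist < crack) ? "before_cracklib" : "ok"
            printf "pam_pwhistory=present remember=%s use_authtok=%s enforce_for_root=%s order=%s\n", remember, tok, root, order
        }
    ' "$@"
}

# Constructed sample stack modelled on the line shown in the steps above.
sample_stack() {
    cat <<'EOF'
# constructed sample, not taken from a real host
auth        required      pam_env.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    requisite     pam_pwhistory.so remember=6 use_authtok
password    sufficient    pam_unix.so md5 shadow use_authtok
EOF
}

sample_stack | audit_pwhistory
```

On a real host, run it as `audit_pwhistory /etc/pam.d/system-auth-ac`.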

Environment

  • Red Hat Enterprise Linux (RHEL) 5.8, 6.3
  • pam-0.99.6.2-6.el5_5.2
  • pam-1.1.1-10.el6
