pam_pwhistory enforces password history on root when resetting a non-root user's password
Issue
When pam_pwhistory is in use, root is forced to pick a password that is not in the user's history when changing that user's password.
For example:
- Insert the following in /etc/pam.d/system-auth-ac (after the pam_cracklib.so line, if present):
password requisite pam_pwhistory.so remember=6 use_authtok
- Attempt to change the password of a normal user:
[root@rhel57 ~]# passwd test
<Enter already used password>
Actual results:
Changing password for user test.
New UNIX password:
Retype new UNIX password:
Password has been already used. Choose another.
passwd: Have exhausted maximum number of retries for service
Expected results:
Changing password for user test.
New UNIX password:
Retype new UNIX password:
Password has been already used.
passwd: all authentication tokens updated successfully.
Environment
- Red Hat Enterprise Linux (RHEL) 5.8, 6.3
- pam-0.99.6.2-6.el5_5.2
- pam-1.1.1-10.el6
