When pam_pwhistory is in use, root is forced to pick a password that is not in the user's history when changing that user's password.
- Insert the following in /etc/pam.d/system-auth-ac (after the pam_cracklib.so line, if present):
password requisite pam_pwhistory.so remember=6 use_authtok
- Attempt to change the password of a normal user.
[root@rhel57 ~]# passwd test <Enter already used password>
Changing password for user test.
New UNIX password:
Retype new UNIX password:
Password has been already used. Choose another.
passwd: Have exhausted maximum number of retries for service

Changing password for user test.
New UNIX password:
Retype new UNIX password:
Password has been already used.
passwd: all authentication tokens updated successfully.
- Red Hat Enterprise Linux (RHEL) 5.8, 6.3
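To confirm how a host's password stack is actually configured before testing this behaviour, the following added example (not part of the original article or of PAM itself) parses the `password` entries and reports the pam_pwhistory settings. It assumes the documented pam_pwhistory options `remember` (default 10) and `enforce_for_root`; the sample stack and function names are constructed for illustration.

```python
import re

# Constructed sample of a "password" stack using the line from this article.
SAMPLE = """\
#%PAM-1.0
password    requisite     pam_cracklib.so try_first_pass retry=3
password    requisite     pam_pwhistory.so remember=6 use_authtok
password    sufficient    pam_unix.so md5 shadow nullok use_authtok
password    required      pam_deny.so
"""

# type, control (plain word or bracketed [value=action ...] form), module, arguments
LINE = re.compile(r"-?password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def password_stack(text):
    """Return (control, module, args) for every 'password' entry, in file order."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            stack.append((m.group(1), m.group(2).rsplit("/", 1)[-1], m.group(3).split()))
    return stack

def audit_pwhistory(text):
    """Summarise how pam_pwhistory is configured, or return None if it is absent."""
    stack = password_stack(text)
    names = [module for _, module, _ in stack]
    if "pam_pwhistory.so" not in names:
        return None
    pos = names.index("pam_pwhistory.so")
    control, _, args = stack[pos]
    opts = dict(a.split("=", 1) if "=" in a else (a, True) for a in args)

    def before(other):
        # Ordering against another module; None when that module is not in the stack.
        return pos < names.index(other) if other in names else None

    cracklib = before("pam_cracklib.so")
    return {
        "control": control,
        "remember": int(opts.get("remember", 10)),  # module default is 10
        "use_authtok": "use_authtok" in opts,
        "enforce_for_root": "enforce_for_root" in opts,  # assumption: documented option
        "after_cracklib": None if cracklib is None else not cracklib,
        "before_unix": before("pam_unix.so"),
    }

if __name__ == "__main__":
    for key, value in audit_pwhistory(SAMPLE).items():
        print(f"{key}: {value}")
```

On a real host, pass the contents of /etc/pam.d/system-auth-ac to `audit_pwhistory` instead of the sample; `enforce_for_root: False` together with the rejection shown above is the combination this article describes.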