[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: not allowing previous passwds as valid

On Mon, 3 Feb 2003 at 2:48pm (-0500), Margaret_Doll wrote:

> Is there a way for the system to maintain a password history for each 
> account, so that a user cannot return to a previous password?
> If I set a user's password to expire in 45 days, he/she will 
> temporarily change the password and then reset it again to the first 
> password.  There won't be an effective change of passwords.

I think you want the 'remember=X' option for pam_unix.so ... read about it
in README.pam_unix.  You prolly also want to use chage(1) to set a minimum
number of days between password changes so that they can't just change it a
bunch of times all at once to make the password they want drop off the
remebered list so it can be used again.


P.S.  You prolly need to touch /etc/security/opasswd to kick things off for 
the remeber list.

WebCentral Pty Ltd           Australia's #1 Internet Web Hosting Company
Level 5, 100 Wickham St.           Network Operations - Systems Engineer
PO Box 930, Fortitude Valley.                     phone: +61 7 3249 2552
Queensland, Australia 4006.                       pgp key id: 0x900E515F

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]