PAM is a flexible mechanism for authenticating users. For example, you can use it to stop users from reusing recent passwords. This is accomplished with the remember option of the pam_unix PAM module.
The pam_unix module provides PAM functionality such as authentication and account management. The same module can maintain a list of old passwords for every user, which is useful if you want to disallow the use of old passwords. The old password list is stored in the /etc/security/opasswd file.
Limit Password Reuse
Under Debian / Ubuntu Linux, open the /etc/pam.d/common-password file:
# vi /etc/pam.d/common-password
If you are using CentOS / RHEL / RedHat / Fedora Linux, edit the /etc/pam.d/system-auth file instead:
# vi /etc/pam.d/system-auth
Now, update the existing password line and append remember=10 to prevent a user from re-using any of his or her last 10 passwords. Do not add a new line; update the existing password line and append remember=10.
password sufficient pam_unix.so use_authtok md5 shadow remember=10
Save and close the file.
Linux will now remember the last 10 passwords. If a user tries to reuse any of the last 10 passwords, he or she will get an error:
Password has been already used. Choose another.
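To confirm that the setting is actually in place, the following added example (not part of the original article) reads a PAM file and reports the remember value on the active pam_unix password line. The function name check_remember and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a PAM password stack for the pam_unix "remember" option.

# check_remember FILE [MIN]
# Prints the remember= value found on the first active pam_unix password line.
# Exit status: 0 = value >= MIN (default 10), 1 = no remember= option set,
#              2 = value set but below MIN, 3 = file not readable.
check_remember() {
    file=$1
    min=${2:-10}
    [ -r "$file" ] || return 3
    # awk splits on whitespace, so a commented-out line has "#" or "#password"
    # as its first field and never matches $1 == "password".
    value=$(awk '
        $1 == "password" && /pam_unix\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    sub(/^remember=/, "", $i)
                    print $i
                    exit
                }
        }' "$file")
    [ -n "$value" ] || return 1
    echo "$value"
    [ "$value" -ge "$min" ] || return 2
    return 0
}

# Check whichever of the two files named in this article exists on the host.
for f in /etc/pam.d/common-password /etc/pam.d/system-auth; do
    [ -f "$f" ] || continue
    if v=$(check_remember "$f" 10); then
        echo "$f: remember=$v"
    else
        echo "$f: last 10 passwords are not enforced (status $?)"
    fi
done
```

A status of 1 means the option was never appended, and 2 means it is set to fewer than the 10 passwords used here.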