PAM (Pluggable Authentication Modules) is a flexible mechanism for authenticating users.
One of its modules is pam_unix, which provides PAM functions such as authentication, account management, etc.
The same module can maintain a list of old passwords for every user. This is useful if you want to disallow the use of old passwords.
The old password list is stored in the /etc/security/opasswd file.
Open your /etc/pam.d/common-password file (use /etc/pam.d/system-auth if you are using Fedora Core, Red Hat or CentOS Linux).
# vi /etc/pam.d/common-password
If you are using CentOS/Fedora Core/RHEL:
# vi /etc/pam.d/system-auth
Now, append the following line:
password sufficient pam_unix.so use_authtok md5 shadow remember=10
Save and close the file.
Linux will now remember the last 10 passwords. If a user tries to use any one of the last 10 old passwords, he/she will get an error:
Password has been already used. Choose another.
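The check below is an added example, not part of the original article: it reports the remember= value on the first active pam_unix.so line of the password stack and confirms that the history file named above exists. The function names and the sample stack are constructed for illustration; only the first pam_unix.so line is reported, on the assumption that an earlier "sufficient" line that succeeds keeps PAM from reaching a later one.

```sh
#!/bin/sh
# Added example, not from the original article. Sample PAM lines are constructed.

# Print the remember= value of the first active "password ... pam_unix.so"
# line in FILE: a number, 0 if the option is absent, "none" if no such line.
# Only the first line is reported: when an earlier pam_unix.so line is
# "sufficient" and succeeds, PAM does not reach later lines in the stack.
pam_unix_remember() {
    awk '
        /^[ \t]*#/ { next }                           # skip comment lines
        $1 ~ /^-?password$/ && /pam_unix\.so/ {
            n = 0
            for (i = 3; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) n = substr($i, 10)
            print n; found = 1; exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

# check_history FILE MIN OPASSWD: succeed only if the history depth is at
# least MIN and the history file (OPASSWD) exists.
check_history() {
    depth=$(pam_unix_remember "$1")
    if [ "$depth" = none ]; then
        echo "FAIL: no pam_unix.so password line in $1"; return 1
    elif [ "$depth" -lt "$2" ]; then
        echo "FAIL: remember=$depth, want at least $2"; return 1
    elif [ ! -f "$3" ]; then
        echo "FAIL: $3 is missing"; return 1
    fi
    echo "OK: remember=$depth, $3 present"
}

# Demo on a constructed stack in which the appended line follows a
# "sufficient" pam_unix.so line that has no remember= option.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample
password requisite pam_cracklib.so retry=3
password sufficient pam_unix.so md5 shadow nullok use_authtok
password required pam_deny.so
password sufficient pam_unix.so use_authtok md5 shadow remember=10
EOF
check_history "$demo" 10 /etc/security/opasswd || true
rm -f "$demo"
```

On a live system, run it as root against the file you edited, for example check_history /etc/pam.d/system-auth 10 /etc/security/opasswd.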
- Last Updated: Dec/20/2006
{ 1 comment }
It does not work on my CentOS 5… I tried to change my user password and tried to use my old password again, but it does not warn me that I already used my current password.
Did I miss anything?