nixCraft Poll

Topics

Prevent from using or reuse same old passwords under Linux

Posted by Vivek Gite [Last updated: December 20, 2006]

PAM is a flexible mechanism for authenticating users.

There is a module called pam_unix. This module provides functionality for PAM modules such as authentication, account management etc.

Same module can be used to maintain a list of old passwords for every user. This is useful if you want to disallow use of old passwords.

The old password list is located in the /etc/security/opasswd file.

Open your /etc/pam.d/common-password file (use /etc/pam.d/system-auth if you are using Fedora Core or Red Hat or Cent OS Linux).

# vi /etc/pam.d/common-password

If you are using CentOS/Fedora Core/RHEL:
# vi /etc/pam.d/system-auth

Now, append following line:
password sufficient pam_unix.so use_authtok md5 shadow remember=10

Save and close the file.

Now Linux will remember last 10 passwords. If user tries to use any one of the last 10 old passwords, he/she will get an error:
Password has been already used. Choose another.

Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates. You can Email this page to a friend.

You may also be interested in other helpful articles:

Discussion on This Article:

  1. frank Says:

    it does not work on my centos5… i tried to change my user password and tried use again my old password but it does not warn me that i already used my current password.

    did i miss anything?

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.