Prevent users from reusing old passwords under Linux
PAM is a flexible mechanism for authenticating users.
One of its modules is pam_unix. This module provides PAM functions such as authentication, account management, etc.
The same module can be used to maintain a list of old passwords for every user. This is useful if you want to disallow the reuse of old passwords.
The old password list is located in the /etc/security/opasswd file.
Open your /etc/pam.d/common-password file (use /etc/pam.d/system-auth if you are using Fedora Core, Red Hat, or CentOS Linux).
# vi /etc/pam.d/common-password
If you are using CentOS/Fedora Core/RHEL:
# vi /etc/pam.d/system-auth
Now, append the following line:
password sufficient pam_unix.so use_authtok md5 shadow remember=10
Save and close the file.
Linux will now remember the last 10 passwords. If a user tries to reuse any of the last 10 old passwords, he/she will get an error:
Password has been already used. Choose another.
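The check below is an added example, not part of the original article: it reports the remember= value on the first active pam_unix.so line of a password stack, because pam.conf(5) states that when a "sufficient" module succeeds, PAM returns without calling any further modules in the stack. The function names pam_unix_remember and pam_history_ok are hypothetical, and the two sample stacks are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the password-history depth PAM will actually enforce.

# Print remember=N from the first active "password" line that loads
# pam_unix.so in file $1 (0 if the option is absent). Exit 1 if no such line.
pam_unix_remember() {
    awk '
        /^[ \t]*#/ { next }                            # ignore comment lines
        $1 == "password" && /pam_unix\.so/ {
            n = 0
            for (i = 3; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) n = substr($i, 10)
            print n; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Succeed only if that line remembers at least $2 old passwords.
pam_history_ok() {
    n=$(pam_unix_remember "$1") || return 2            # no pam_unix line
    [ "$n" -ge "$2" ]
}

# Constructed sample stacks (not taken from any real system).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Case 1: history line added below an existing "sufficient" pam_unix line.
cat > "$tmp/appended" <<'EOF'
password requisite  pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow try_first_pass use_authtok
password required   pam_deny.so
password sufficient pam_unix.so use_authtok md5 shadow remember=10
EOF

# Case 2: remember=10 set on the pam_unix line that is reached first.
cat > "$tmp/merged" <<'EOF'
password requisite  pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow try_first_pass use_authtok remember=10
password required   pam_deny.so
EOF

for f in appended merged; do
    printf '%s: remember=%s\n' "$f" "$(pam_unix_remember "$tmp/$f")"
done
```

On a real system, call pam_history_ok with the PAM file you edited and the required depth, for example /etc/pam.d/system-auth and 10. The script reads only the file it is given and does not follow include directives.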
Discussion on This Article:


It does not work on my CentOS 5… I tried to change my user password and tried to use my old password again, but it does not warn me that I already used my current password.
Did I miss anything?