Prevent the reuse of old passwords

The PAM module pam_unix.so can be configured to maintain a list of old passwords for every user, prohibiting their reuse.

The list, normally referred to as the password history, is located in the /etc/security/opasswd file. This is not a plain text file, but it should be protected the same as the /etc/shadow file.

To remember the last 5 passwords, add the line below to the /etc/pam.d/system-auth file:

password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=5
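
A check for the two points above, the remember= option and the protection of the history file, as an added example that is not part of the original post. The function names, the default minimum depth of 5, and the rule that the file must be owned by root with no group or other permissions are assumptions.

```shell
#!/bin/sh
# Added example: audit that pam_unix password history is on and that the
# history file is locked down. Function names and thresholds are assumptions.

# Print the remember=N value from the active pam_unix "password" line.
# Prints nothing when the option is missing or the line is commented out.
pam_remember_value() {   # $1: PAM file, e.g. /etc/pam.d/system-auth
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "password" && /pam_unix\.so/ {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    sub(/^remember=/, "", $i); print $i; exit
                }
        }' "$1"
}

# Succeed only if the file exists, is owned by the expected uid (default 0,
# root) and grants nothing to group or other (assumed protection policy).
history_file_protected() {   # $1: history file  $2: expected owner uid
    [ -f "$1" ] || return 1
    ls -ln "$1" | awk -v uid="${2:-0}" '
        { ok = (substr($1, 5, 6) == "------" && $3 == uid) }
        END { exit !ok }'
}

# Combine both checks. $3 is the minimum history depth (default 5).
audit_password_history() {   # $1: PAM file  $2: history file  $3: min  $4: uid
    n=$(pam_remember_value "$1")
    if [ -z "$n" ] || [ "$n" -lt "${3:-5}" ]; then
        echo "FAIL: remember=${n:-unset} in $1 (want >= ${3:-5})"; return 1
    fi
    if ! history_file_protected "$2" "${4:-0}"; then
        echo "FAIL: $2 missing, wrong owner, or group/other accessible"
        return 1
    fi
    echo "OK: remember=$n and $2 is protected"
}

# Usage on a live system (run as root):
#   audit_password_history /etc/pam.d/system-auth /etc/security/opasswd
```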
