Linux PAM.d for restricting repeated use of same passwords

jegaraman · July 30, 2015, 6:46am

Dear All ,

I have configured password history in the Linux Server.

Below is the PAM.d system-auth configuration file.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required      pam_unix.so try_first_pass nullok
#auth        required      pam_deny.so
auth        required      pam_tally.so no_magic_root onerr=fail deny=3 unlock_time=3600
#account            required      pam_tally.so no_magic_root lock_time=60
account     required      pam_unix.so

password    requisite     pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 similar=deny enforce=everyone max=40
password    sufficient    pam_unix.so try_first_pass use_authtok nullok md5 shadow remember=10
password    required      pam_deny.so
password    required      pam_cracklib.so ocredit=1

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

In this i have put "remember=10" , but it is not working.

I am able to use the same passwords repeatedly.

The file /etc/security/opasswd file also not getting updated.

Pl respond....

Corona688 · July 30, 2015, 11:49am

The file contains these interesting lines:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

I suspect the file is autogenerated, and its changes are being destroyed next time authconfig is run -- presumably, whenever pamd is restarted (you did restart it, yes?)

We need to find out how this file is generated. What's your distribution?