linux poison RSS
linux poison Email

Prevent the reuse of old passwords

The PAM module pam_unix.so can be configured to maintain a list of old passwords for every user prohibiting the reuse of old passwords.

The list is located in the /etc/security/opasswd file. This is not a plain text file, but it should be protected the same as the /etc/shadow file. This is normally referred to as password history.

To remember the last 5 passwords, add the line below to the /etc/pam.d/system-auth file:

password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=5



0 comments:

Post a Comment

Related Posts with Thumbnails