As per title. I found the following:
This is very useful if you want to disallow users to use same old passwords. The old password file is located at /etc/security/opasswd . This can be achieved by using PAM module.
Open ‘ /etc/pam.d/system-auth ‘ file under RHEL / CentOS / Fedora .
Add the following line to ‘ auth ‘ section.
auth sufficient pam_unix.so likeauth nullok
Add the following line to ‘ password ‘ section to disallow a user from re-using last 5 password of his or her.
password sufficient pam_unix.so nullok use_authtok md5 shadow remember=5
Only last 5 passwords are remember by server. If you tried to use any of last 5 old passwords, you will get an error like.
Password has been already used. Choose another.
Any thoughts on this pls?