Restrict Users from Using Old Passwords

As per title. I found the following:

This is very useful if you want to disallow users from reusing the same old passwords. The old password file is located at /etc/security/opasswd. This can be achieved by using a PAM module.

Open the ‘/etc/pam.d/system-auth’ file under RHEL / CentOS / Fedora.

Add the following line to the ‘auth’ section.

auth sufficient pam_unix.so likeauth nullok

Add the following line to the ‘password’ section to disallow a user from reusing his or her last 5 passwords.

password sufficient pam_unix.so nullok use_authtok md5 shadow remember=5

Only the last 5 passwords are remembered by the server. If you try to use any of the last 5 old passwords, you will get an error like:

Password has been already used. Choose another.

Source: https://www.tecmint.com/linux-server-hardening-security-tips/

Any thoughts on this pls?

TIA

The article is a bit old: I’m wondering if this works with our SSSD configuration :thinking:
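The setting quoted above can be audited rather than just applied; the script below is an added example (not from the post or the tecmint article) that reads the ‘password’ section of a PAM stack file and reports the remember=N depth set on pam_unix.so or pam_pwhistory.so. The sample stack files and the 5-password threshold are constructed for the demonstration.

```shell
#!/bin/sh
# Audit a PAM stack file for password-history enforcement.
# Added example; file paths and sample stacks below are constructed.

# Print the remember=N depth from the first password-section line that
# loads pam_unix.so or pam_pwhistory.so, or 0 when none is set.
pam_remember_depth() {
    depth=$(grep -E '^[[:space:]]*password[[:space:]]' "$1" 2>/dev/null \
        | grep -E 'pam_(unix|pwhistory)\.so' \
        | sed -n 's/.*[[:space:]]remember=\([0-9][0-9]*\).*/\1/p' \
        | head -n 1)
    printf '%s\n' "${depth:-0}"
}

# Succeed (exit 0) when FILE remembers at least MIN old passwords.
pam_history_ok() {
    [ "$(pam_remember_depth "$1")" -ge "$2" ]
}

# Constructed samples standing in for /etc/pam.d/system-auth.
SAMPLE_DIR=$(mktemp -d)
HARDENED="$SAMPLE_DIR/system-auth.hardened"
DEFAULT="$SAMPLE_DIR/system-auth.default"

cat > "$HARDENED" <<'EOF'
auth       sufficient pam_unix.so likeauth nullok
# remember=5 keeps the last five hashes in /etc/security/opasswd
password   sufficient pam_unix.so nullok use_authtok md5 shadow remember=5
EOF

# A stack with no remember= at all (sha512 is the usual hash on current distributions).
cat > "$DEFAULT" <<'EOF'
auth       sufficient pam_unix.so nullok try_first_pass
password   sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
EOF

for f in "$HARDENED" "$DEFAULT"; do
    if pam_history_ok "$f" 5; then
        echo "$f: password history enforced (remember=$(pam_remember_depth "$f"))"
    else
        echo "$f: password history missing or too shallow (remember=$(pam_remember_depth "$f"))"
    fi
done
```

On a host where SSSD handles domain accounts, pam_unix's remember= only covers passwords that pam_unix itself changes, i.e. local accounts in /etc/shadow; history for directory users is enforced by the directory's own password policy.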