Password History using pam_passwdqc.so and pam_unix.so
Hi,
I am trying to add the argument remember=5 for pam_unix.so to remember 5 previously set passwords. When I try to test this by changing the passwd of user to then PAM accepts the password which was already configured. I also checked whether pam_unix is trying to save the information to /etc/security/opasswd, but it doesn't. I am using shadow too. My system_auth looks like below:

auth required /lib64/security/pam_tally.so audit deny=5
auth required /lib64/security/pam_unix.so nullok_secure
account required /lib64/security/pam_tally.so
account required /lib64/security/pam_unix.so
password required /lib64/security/pam_passwdqc.so passphrase=0 random=0 min=disabled,disabled,disabled,8,8 max=40 match=4 similar=deny
password sufficient /lib64/security/pam_unix.so nullok use_authtok md5 shadow use_first_pass
password required pam_deny.so
#session optional /lib64/security/pam_keyinit.so revoke
session required /lib64/security/pam_limits.so
session required /lib64/security/pam_unix.so

Kindly let me know what is wrong with the configuration.
Did you create the opasswd file and set the necessary permissions/ownership?

touch /etc/security/opasswd
chown root:root /etc/security/opasswd
chmod 600 /etc/security/opasswd

Then I would consider trying changing the following line:

password sufficient /lib64/security/pam_unix.so nullok use_authtok md5 shadow use_first_pass

to

password sufficient /lib64/security/pam_unix.so nullok remember=5 use_authtok md5 shadow use_first_pass
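A check for the two things the answer above touches (the remember=N argument on the pam_unix.so password line, and the existence, mode and owner of the history file), added here as an example and not part of any post in the thread. The function name check_pw_history and its arguments are made up for this example, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example (not from the thread): audit a PAM stack file and the
# pam_unix password-history file.
# Usage: check_pw_history PAM_FILE OPASSWD_FILE [EXPECTED_OWNER_UID]
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_pw_history() {
    pam_file=$1; opasswd=$2; want_uid=${3:-0}; rc=0

    # Active "password" lines that load pam_unix.so. Commented-out lines
    # do not match because their first field starts with '#'.
    unix_lines=$(awk '$1 == "password" && $3 ~ /pam_unix\.so$/' "$pam_file")
    if [ -z "$unix_lines" ]; then
        echo "no password line for pam_unix.so in $pam_file"; rc=1
    elif ! printf '%s\n' "$unix_lines" |
            grep -Eq '(^|[[:space:]])remember=[1-9][0-9]*([[:space:]]|$)'; then
        echo "pam_unix.so password line has no remember=N"; rc=1
    fi

    # The answer creates the history file by hand with mode 600, root:root.
    if [ ! -f "$opasswd" ]; then
        echo "$opasswd does not exist"; rc=1
    else
        mode=$(stat -c '%a' "$opasswd")   # octal mode, e.g. 600
        uid=$(stat -c '%u' "$opasswd")    # numeric owner, 0 for root
        [ "$mode" = "600" ] ||
            { echo "$opasswd mode is $mode, expected 600"; rc=1; }
        [ "$uid" = "$want_uid" ] ||
            { echo "$opasswd owner uid is $uid, expected $want_uid"; rc=1; }
    fi
    return $rc
}
```

On a live system this would be called as check_pw_history /etc/pam.d/system-auth /etc/security/opasswd, where the PAM file path is an assumption about where the stack shown in the question lives.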
After adding your changes, I corrected one more thing, that is, the way of testing this is entirely wrong. I was simply changing the password. Instead, I made the password expire, then re-logged in and gave the same password, and yippee... it worked. I can see the error message. I can see the opasswd file updated too. But a small clarification: once I change the password to a new one which is not in the remember list (opasswd) and again issue "passwd admin" --> one of the remembered passwords, it doesn't throw any error, it accepts... why so?
Savona,
Thanks, this issue has been resolved. I am able to see the stored passwords in the opasswd file. Thanks a lot.
Viswes
Glad I can help!