LinuxQuestions.org
Old 04-14-2011, 07:05 AM   #1
Viswes_B
Password History using pam_passwdqc.so and pam_unix.so


Hi,

I am trying to add argument remember=5 for pam_unix.so to remember 5 previously set passwords. When I try to test this by changing the passwd of user to then PAM accepts the password which was already configured.

I also checked whether pam_unix is trying to save the information to /etc/security/opasswd, but it doesn't.

I am using shadow too.

My system_auth looks like below:
auth required /lib64/security/pam_tally.so audit deny=5
auth required /lib64/security/pam_unix.so nullok_secure


account required /lib64/security/pam_tally.so
account required /lib64/security/pam_unix.so

password required /lib64/security/pam_passwdqc.so passphrase=0 random=0 min=disabled,disabled,disabled,8,8 max=40 match=4 similar=deny
password sufficient /lib64/security/pam_unix.so nullok use_authtok md5 shadow use_first_pass
password required pam_deny.so

#session optional /lib64/security/pam_keyinit.so revoke
session required /lib64/security/pam_limits.so
session required /lib64/security/pam_unix.so

Kindly let me know what is wrong with the configuration

Last edited by Viswes_B; 04-14-2011 at 07:50 AM. Reason: Missed a line
 
Old 04-14-2011, 11:23 AM   #2
savona
Did you create the opasswd file and set the necessary permissions/ownership?

touch /etc/security/opasswd
chown root:root /etc/security/opasswd
chmod 600 /etc/security/opasswd

Then I would consider trying changing the following line:

password sufficient /lib64/security/pam_unix.so nullok use_authtok md5 shadow use_first_pass

to

password sufficient /lib64/security/pam_unix.so nullok remember=5 use_authtok md5 shadow use_first_pass
 
1 members found this post helpful.
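
Added example, not part of savona's post: a read-only check for the two conditions raised above, that the pam_unix.so password line carries remember=N and that the history file exists with mode 600 and the expected owner. The function names are hypothetical, GNU stat is assumed, and the demo runs on constructed files in a scratch directory.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (-c) and a POSIX awk.

# Print N from remember=N on the active pam_unix "password" line, else nothing.
pam_unix_remember() {
    awk '$1 == "password" && /pam_unix\.so/ {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^remember=[0-9]+$/) { sub(/^remember=/, "", $i); print $i; exit }
    }' "$1"
}

# Print "ok", "missing", "mode=<octal>" or "owner=<uid>" for the history file.
# $2 is the expected owner uid (0, i.e. root, unless overridden for a test run).
opasswd_state() {
    f=$1; want=${2:-0}
    [ -f "$f" ] || { echo "missing"; return 0; }
    set -- $(stat -c '%a %u' "$f")
    [ "$1" = "600" ] || { echo "mode=$1"; return 0; }
    [ "$2" = "$want" ] || { echo "owner=$2"; return 0; }
    echo "ok"
}

# One-line summary: $1 = PAM file, $2 = history file, $3 = expected owner uid.
audit_history() {
    n=$(pam_unix_remember "$1")
    echo "remember=${n:-unset} opasswd=$(opasswd_state "$2" "$3")"
}

# The pam_unix password line from the thread, before and after the change.
sample_before='password sufficient /lib64/security/pam_unix.so nullok use_authtok md5 shadow use_first_pass'
sample_after='password sufficient /lib64/security/pam_unix.so nullok remember=5 use_authtok md5 shadow use_first_pass'

# Demo on constructed files in a scratch directory (nothing under /etc is touched).
tmp=$(mktemp -d)
printf '%s\n' "$sample_before" > "$tmp/system-auth"
audit_history "$tmp/system-auth" "$tmp/opasswd" "$(id -u)"
printf '%s\n' "$sample_after" > "$tmp/system-auth"
touch "$tmp/opasswd" && chmod 600 "$tmp/opasswd"
audit_history "$tmp/system-auth" "$tmp/opasswd" "$(id -u)"
rm -rf "$tmp"
```

On a live system, run as root: audit_history <your PAM password file> /etc/security/opasswd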
Old 04-15-2011, 12:45 AM   #3
Viswes_B
hi,

After adding your changes, I corrected one more thing: my way of testing this was entirely wrong. I was simply changing the password; instead I made the password expire, then logged in again and gave the same password, and yippee... it worked.
I can see the error message.
I can see the opasswd file updated too.

But a small clarification: once I change the password to a new one which is not in the remember list (opasswd) and again issue "passwd admin" --> one of the remembered passwords, it doesn't throw any error, it accepts... why so?
 
Old 04-15-2011, 06:40 AM   #4
savona
Are you running "passwd admin" as root? Root is allowed to reuse passwords in the history list. If you're logged in as a user, you should just use "passwd", as only root is allowed to specify a user when running passwd.
 
1 members found this post helpful.
Old 04-19-2011, 03:32 AM   #5
Viswes_B
Savona,

Thanks, this issue has been resolved. I am able to see the stored passwords in the opasswd file. Thanks a lot.

Viswes
 
Old 04-19-2011, 08:39 AM   #6
savona
Glad I can help!
 
  


All times are GMT -5.
