I have been attempting to enable pam_cracklib to check a password in a password history file with no luck. No matter what I seem to try, nothing is ever added to the opasswd file. I have tried this on several stations with no luck so I must be missing something. I have been following the documentation as best I can, and according to other sites, this should be working. I'm beginning to think this might have something to do with the distro I'm running, but not sure.

The problem is I can't seem to get it to work. So, I loaded up a test machine from scratch using RHEL 4.4 with all updates as of 3-14-07. I then did the following:

1.) touch /etc/security/opasswd {creates the necessary old password file}
2.) chown root:root /etc/security/opasswd
3.) chmod 600 /etc/security/opasswd
Note I have opened the permissions up on this file for testing with no more luck.
4.) I modified the system-auth file which I'm pretty sure is the file this flavor of Linux uses with the following line:

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12


Here is the entire file. The only thing changed from the default file is the line above. I simply added remember=12 to it.

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

If I change the line above from sufficient to requered as in the example on the site referenced above such as follows:
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12

I then get the error:
passwd: Authentication token manipulation error
{This tells me I must be editing the correct file}

What do I need to do to create the password history file using pam_cracklib?

The site I referenced above was http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html

I couldn't include the URL in my original post as it was my first post on this forum. Also I had a type-o in the original post.

"If I change the line above from sufficient to requered . . ." should have been required, spelled correctly.