password history ability with pam?

Dan Lund situationalawareness at gmail.com
Thu Dec 15 22:07:10 MST 2005


Hi folks,
I don't often hit you guys for answers but I need a little advice.
I'm dealing with SOX/HIPAA compliancy right now, which drives me a little nuts.
Anyway, the auditors said we need to have a password history feature
so that the user cannot change their password back to a password they
used the last time, time before, etc.
Now, we run Active Directory and I know I could configure the systems
to use pam_smb to authenticate and it'd use the same password
guidelines that the Windows world uses.  I don't want to rely on
Active Directory, and it seems like a kludge at best.

I need to know how to do password history detection. Has anyone had
any experience with this on Linux servers?
(note: This is a mix of Redhat 8.0, RHEL3/4, and Gentoo... about 160
machines so individual maintenance would be a nightmare.. past the
initial configuration which can easily be scripted)

Any help would be appreciated.  I have 6 months at most ;)

--Dan Lund
--
To exercise power costs effort and demands courage. That is why so
many fail to assert rights to which they are perfectly entitled -
because a right is a kind of power but they are too lazy or too
cowardly to exercise it.  The virtues which cloak these faults are
called patience and forbearance.
Friedrich Nietzsche


More information about the PLUG-discuss mailing list