Hi folks,
I don't often hit you guys for answers but I need a little advice.
I'm dealing with SOX/HIPAA compliancy right now, which drives me a little nuts.
Anyway, the auditors said we need to have a password history feature
so that the user cannot change their password back to a password they
used the last time, time before, etc.
Now, we run Active Directory and I know I could configure the systems
to use pam_smb to authenticate and it'd use the same password
guidelines that the Windows world uses.  I don't want to rely on
Active Directory, and it seems like a kludge at best.

I need to know how to do password history detection, has anyone had
any experience with this on Linux servers?
(note: This is a mix of Redhat 8.0, RHEL3/4, and Gentoo... about 160
machines so individual maintanence would be a nightmare.. past the
initial configuration which can easily be scripted)

Any help would be appreciated.  I have 6 months at most ;)

--Dan Lund
--
To exercise power costs effort and demands courage. That is why so
many fail to assert rights to which they are perfectly entitled -
because a right is a kind of power but they are too lazy or too
cowardly to exercise it.  The virtues which cloak these faults are
called patience and forbearance.
Friedrich Nietzsche
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss