Quoting Dan Lund:

> Hi folks,
> I don't often hit you guys for answers but I need a little advice.
> I'm dealing with SOX/HIPAA compliancy right now, which drives me a little
> nuts.
> Anyway, the auditors said we need to have a password history feature
> so that the user cannot change their password back to a password they
> used the last time, time before, etc.
> Now, we run Active Directory and I know I could configure the systems
> to use pam_smb to authenticate and it'd use the same password
> guidelines that the Windows world uses. I don't want to rely on
> Active Directory, and it seems like a kludge at best.
>
> I need to know how to do password history detection, has anyone had
> any experience with this on Linux servers?
> (note: This is a mix of Redhat 8.0, RHEL3/4, and Gentoo... about 160
> machines so individual maintenance would be a nightmare.. past the
> initial configuration which can easily be scripted)
>
> Any help would be appreciated. I have 6 months at most ;)
>
> --Dan Lund

I stole this idea from here:
http://uranus.it.swin.edu.au/~jn/linux/redhatserver.htm

Enabling a password history

1. Create the old password file with the command
     # touch /etc/security/opasswd
2. Edit /etc/pam.d/system-auth and add the following pam_unix parameter
   "remember=3".

Cracklib will automatically check /etc/security/opasswd and will not allow
any of the passwords listed to be used again. This means that you must have
pam_cracklib stacked before your pam_unix module (which is the default).

_-_ end quote

Change the "remember=3" to 4, enforce password changes every 90 days, and
you're covered for a year. Should work with RedHat of various stripes back
to 7. Not sure about Gentoo, but let us know if you turn anything up?

TJ

-------------------------------------------------
FastQ Communications
Providing Innovative Internet Solutions Since 1993
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
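
An added example, not part of the original post: a shell function that audits one host for the setup described above (history file present, remember= on the pam_unix password line, pam_cracklib stacked before pam_unix). The function name check_pw_history and its three arguments are assumptions made for this example.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage: check_pw_history PAM_FILE OPASSWD_FILE MIN_REMEMBER
#   e.g. check_pw_history /etc/pam.d/system-auth /etc/security/opasswd 4
# Prints one finding per line; returns 0 if every check passes, 1 otherwise.
check_pw_history() {
    pam_file=$1; opasswd=$2; min=$3; rc=0

    # Step 1 of the procedure: the history file must exist.
    [ -f "$opasswd" ] || { echo "FAIL: $opasswd missing"; rc=1; }

    # Keep only active "password" lines; comments and auth/account/session
    # lines are ignored so an auth-stack pam_unix entry is not mistaken.
    stack=$(grep -E '^[[:space:]]*password[[:space:]]' "$pam_file" 2>/dev/null || true)

    # Position of each module inside the password stack.
    crack_ln=$(printf '%s\n' "$stack" | grep -n 'pam_cracklib\.so' | head -n 1 | cut -d: -f1)
    unix_ln=$(printf '%s\n' "$stack" | grep -n 'pam_unix\.so' | head -n 1 | cut -d: -f1)

    if [ -z "$unix_ln" ]; then
        echo "FAIL: no pam_unix password line in $pam_file"
        return 1
    fi

    # Step 2: pam_unix must carry remember=N with N >= MIN_REMEMBER.
    n=$(printf '%s\n' "$stack" | sed -n "${unix_ln}p" |
        sed -n 's/.*[[:space:]]remember=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$n" ]; then
        echo "FAIL: pam_unix has no remember= option"; rc=1
    elif [ "$n" -lt "$min" ]; then
        echo "FAIL: remember=$n is below $min"; rc=1
    else
        echo "OK: remember=$n"
    fi

    # Ordering requirement from the post: pam_cracklib before pam_unix.
    if [ -z "$crack_ln" ] || [ "$crack_ln" -gt "$unix_ln" ]; then
        echo "FAIL: pam_cracklib is not stacked before pam_unix"; rc=1
    else
        echo "OK: pam_cracklib precedes pam_unix"
    fi
    return $rc
}
```

Because it only reads files and reports through its exit status, the function can be pushed to each host by whatever scripting already handles the initial configuration.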