password history ability with pam?

Craig White craigwhite at azapple.com
Fri Dec 16 06:27:21 MST 2005


On Thu, 2005-12-15 at 21:07 -0800, Dan Lund wrote:
> Hi folks,
> I don't often hit you guys for answers but I need a little advice.
> I'm dealing with SOX/HIPAA compliancy right now, which drives me a little nuts.
> Anyway, the auditors said we need to have a password history feature
> so that the user cannot change their password back to a password they
> used the last time, time before, etc.
> Now, we run Active Directory and I know I could configure the systems
> to use pam_smb to authenticate and it'd use the same password
> guidelines that the Windows world uses.  I don't want to rely on
> Active Directory, and it seems like a kludge at best.
> 
> I need to know how to do password history detection. Has anyone had
> any experience with this on Linux servers?
> (note: This is a mix of Red Hat 8.0, RHEL3/4, and Gentoo... about 160
> machines so individual maintenance would be a nightmare... past the
> initial configuration which can easily be scripted)
> 
> Any help would be appreciated.  I have 6 months at most ;)
----
160 machines? Not using LDAP?

Fedora Directory Server has a fairly mature password policy. OpenLDAP
finally added password policy in the latest, but I haven't used it.

Craig


