How to configure PAM to remember password history changes

  • 3829103
  • 26-Sep-2007
  • 22-Nov-2019

Environment

SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9
SUSE Linux Desktop 9

Situation

Every time a user changes her password, you would like it to be stored in a password history file. Additionally, PAM should check this file so that users can't reuse their previous "N" number of passwords.

Resolution

NOTE:  For a newer article on this topic, see KB 7008156https://www.suse.com/support/kb/doc/?id=7008156
 
 
Edit:
/etc/pam.d/password (SLES9, OES/Linux 1, Novell Linux Desktop 9)
or
/etc/pam.d/common-password (SLE 10, OES/Linux 2)

and change the line:

password required pam_pwcheck.so nullok
to
password required pam_pwcheck.so nullok remember=N

Put in the number of passwords you want to be saved/checked instead of "N".

Additional Information

The passwords are stored /etc/security/opasswd and checked every time a user changes her password.

Change Log

Added link to newer article for newer versions of SLES.  Corrected spelling of pam file names. (common-passwd to common-password).

Feedback service temporarily unavailable. For content questions or problems, please contact Support.