CentOS / RHEL 7 : How to Prevent Users from Using the Last 10 Passwords

by admin

The requirement here is that a user must not reuse any of their last 10 passwords when setting a new one. If the user tries to set a password that is among the last 10 passwords used, they get the error shown below:

Changing password for user test.
New UNIX password: 
Retype new UNIX password: 
Password has been already used.
passwd: all authentication tokens updated successfully.

This is a security measure that stops a user from cycling back to a previously used (and possibly already compromised) password each time the current one expires. Follow the steps below to set this restriction on passwords.

1. Modify the file /etc/pam.d/system-auth so that it includes the PAM module pam_pwhistory directly after the first "password requisite" line (the pam_pwquality line), i.e. before pam_unix.so. Note that this file is regenerated by authconfig (as its header states), so the change must be re-applied or made through authconfig if that tool is run again; on RHEL 7, /etc/pam.d/password-auth is a separate stack used by services such as sshd and needs the same line if password changes through those services should also be covered.

# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    requisite     pam_pwhistory.so debug use_authtok remember=10 retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session    optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

2. Now attempt to change the password of a user to one that was already used:

# passwd test
[Enter already used password]

Now you would see that the system would throw up an error saying that the password has already been used in the past.

Changing password for user test.
New UNIX password: 
Retype new UNIX password: 
Password has been already used.
passwd: all authentication tokens updated successfully.
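A small POSIX shell check, added here and not part of the original article, that audits a PAM stack file for the pam_pwhistory setting described above: it confirms that pam_pwhistory.so is present in the password phase with remember= at least the required value, and that it sits after pam_pwquality.so and before the (sufficient) pam_unix.so line, where it would otherwise never be reached. The file path and minimum value are arguments (defaults /etc/pam.d/system-auth and 10).

```bash
#!/bin/sh
# check_pwhistory FILE MIN - audit a PAM file for a pam_pwhistory password-history rule.
# Returns 0 when the rule is present, strong enough and correctly ordered, 1 otherwise.
check_pwhistory() {
    file="${1:-/etc/pam.d/system-auth}"
    min="${2:-10}"
    awk -v min="$min" '
        # Only lines of the "password" management group matter here.
        $1 == "password" {
            n++
            if ($3 ~ /pam_pwquality\.so/) q = n
            if ($3 ~ /pam_pwhistory\.so/) {
                h = n
                # Pull the numeric value out of the remember=N option.
                for (i = 4; i <= NF; i++)
                    if ($i ~ /^remember=[0-9]+$/) { split($i, a, "="); rem = a[2] }
            }
            if ($3 ~ /pam_unix\.so/ && !u) u = n
        }
        END {
            if (!h)            { print "MISSING: pam_pwhistory.so not in password stack"; exit 1 }
            if (rem == "")     { print "MISSING: remember= option on pam_pwhistory"; exit 1 }
            if (rem + 0 < min) { print "WEAK: remember=" rem " is below " min; exit 1 }
            if (q && h < q)    { print "ORDER: pam_pwhistory listed before pam_pwquality"; exit 1 }
            if (u && h > u)    { print "ORDER: pam_pwhistory listed after pam_unix"; exit 1 }
            print "OK: pam_pwhistory remember=" rem
        }' "$file"
}

# Run directly with arguments, e.g.: sh check_pwhistory.sh /etc/pam.d/system-auth 10
if [ $# -gt 0 ]; then
    check_pwhistory "$@"
fi
```

The same check can be pointed at /etc/pam.d/password-auth to confirm that stack was updated as well.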
