
PAM: remembering previous passwords



As part of a requirement for a security certification my company is
attempting to acquire, we have to ensure that employees do not recycle
their previous four passwords. I need to find a way to accomplish this
in PAM.

I am fully aware that the pam_unix.so module has a flag 'remember=n',
which can be used for just this purpose. Here's the problem: we're using
LDAP authentication for all clients. The PAM System Administrators Guide
alludes to there being a way to have pam_cracklib.so check the
/etc/security/opasswd file for old user passwords, but it doesn't go any
deeper than that. And that's where I've reached a dead end.

Are there any modules specifically for this purpose? Does pam_ldap.so
have the feature built into it, somehow? Is there any other way to
accomplish what I'm trying to do? 

-- 
Stephen Touset <stephen@touset.org>
