Enforce "cannot reuse the last 2 passwords" password rule
Currently the "remember" attribute in pam_pwhistory configuration is set to "2", which enforces "cannot reuse the last 1 passwords" in history instead of "cannot reuse the last 2 passwords" stated in security document. This update changed "remember" attribute to "3" so that the rule complies with the document. Closes-Bug: 1924772 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: I340152f8b8a572bc1e86f1eb4a14eb8e392f6334
This commit is contained in:
parent
e87383f6c3
commit
7877dbc6ba
|
@ -23,16 +23,14 @@
|
|||
## minimum length of 7 characters. A user may not re-use the last most #
|
||||
## recent password and every password must differ from its previous #
|
||||
## one by atleast 3 characters #
|
||||
## - Added enforce_for_root for pam_pwquality.so #
|
||||
## - Added enforce_for_root for pam_pwquality.so #
|
||||
########################################################################
|
||||
|
||||
password required pam_pwquality.so try_first_pass retry=3 authtok_type= difok=3 minlen=7 lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root debug
|
||||
password required pam_pwhistory.so use_authtok enforce_for_root remember=2 retry=3 debug
|
||||
password required pam_pwhistory.so use_authtok enforce_for_root remember=3 retry=3 debug
|
||||
|
||||
password sufficient pam_unix.so sha512 use_authtok debug
|
||||
password [success=done authtok_err=die perm_denied=die default=ignore] pam_ldap.so use_authtok debug
|
||||
|
||||
|
||||
|
||||
# If we got this far then its clearly a DENY
|
||||
password requisite pam_deny.so
|
||||
|
|
Loading…
Reference in New Issue