
password history with pam?

jimrice

#1
Greetings ...

I need to configure password history in FreeBSD 11.1 for PCI Compliance. (Or is that an oxymoron?)
I would have thought that this was a more common request, and would have its own FAQ.

I have searched, and about the only relevant thread I found is here: Thread 23446

Is this feature just not supported, and never will be?
Is there a third-party pam_unix or pam_pwhistory module available elsewhere?

Thanks!
 

SirDice

#2
Not sure if there's anything for local passwords. But if you have multiple servers it might be a good idea to implement LDAP. With LDAP you certainly can keep track of password history. It will also give you a nice centralized user database.

http://www.zytrax.com/books/ldap/ch6/ppolicy.html
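
What the password history setting mentioned above looks like with the OpenLDAP ppolicy overlay, as an added example that is not part of the original post. The suffix `dc=example,dc=com`, the policy entry name, the database index `{1}mdb` and all numeric values are assumptions chosen for illustration.

```ldif
# Constructed example. Assumes the ppolicy module (and, on OpenLDAP 2.4,
# the ppolicy schema) is already loaded and that ou=policies exists.
# The first entry lives in cn=config and the second in the data tree, so
# they are normally applied in two separate ldapmodify runs.

# 1. Attach the overlay to the database and name the default policy.
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
# Hash cleartext values written by plain modify operations before storing
olcPPolicyHashCleartext: TRUE

# 2. The policy entry. pwdPolicy is an auxiliary class, so a structural
#    class (device here) carries the entry.
dn: cn=default,ou=policies,dc=example,dc=com
changetype: add
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: userPassword
# Number of previous passwords remembered per user and refused on change
pwdInHistory: 4
# Minimum age in seconds (1 day), so history cannot be cycled in one sitting
pwdMinAge: 86400
# Maximum age in seconds (90 days) before a change is required
pwdMaxAge: 7776000
pwdMinLength: 12
# Users change their own password and must supply the old one to do so
pwdAllowUserChange: TRUE
pwdSafeModify: TRUE
```

Per slapo-ppolicy(5), some policies do not take effect for operations performed as the rootdn, so test history enforcement with an ordinary user changing their own password.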
 

jimrice

#3
Thanks, SirDice. This is for a production environment where the key is isolation of services, and limited user accounts. We are getting away from centralization and single sign-on...
And we are attempting to harden the OS, but using Release version and binaries (11.1), rather than compiling from source (10.3). Previously, we had a customized version of passwd, libpam.so.5, and pam_unix.so.5, which I think may have come from OpenPAM. I don't know, since the original developer is no longer with the company, and didn't leave clues.

I know, not your problem ... but thanks for listening.