HP-UX 11i Release Notes (December 2000)

Security
Password History Feature on Trusted Systems
Password history is a new trusted-system feature of the passwd
command, to discourage users from re-using previously used passwords.
The system administrator enables the system-wide password history
feature by creating (or opening, if it already exists) a file called
/etc/default/security and appending an entry:
PASSWORD_HISTORY_DEPTH=number
Depending on the value of number (a decimal integer from 1 through 10),
the system checks the user’s new password against that number of
previously used passwords and rejects it if it matches any of them.
(For example, if number=5, the system will not allow a user to reuse
any of his or her last five passwords.)
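An audit check for the entry described above, added here as an example that is not part of the HP release notes. It assumes the entry appears exactly in the form shown (at the start of a line, digits only) and reports more than one entry as ambiguous, since the notes do not say which would take effect; the function name and status strings are hypothetical.

```shell
#!/bin/sh
# Added example (not HP's code): audit the PASSWORD_HISTORY_DEPTH entry.
# Assumptions: the entry starts its line exactly as shown in the release
# notes, and multiple entries are reported instead of guessing precedence.

check_history_depth() {    # hypothetical helper name
    file=${1:-/etc/default/security}

    if [ ! -r "$file" ]; then
        echo "DISABLED: $file is missing or unreadable"
        return 1
    fi

    # grep -c exits non-zero on zero matches, so guard it for 'set -e' callers.
    count=$(grep -c '^PASSWORD_HISTORY_DEPTH=' "$file" || true)

    if [ "$count" -eq 0 ]; then
        echo "DISABLED: no PASSWORD_HISTORY_DEPTH entry in $file"
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        echo "AMBIGUOUS: $count PASSWORD_HISTORY_DEPTH entries in $file"
        return 3
    fi

    value=$(sed -n 's/^PASSWORD_HISTORY_DEPTH=//p' "$file")

    # Documented range: decimal integer from 1 through 10.
    case $value in
        [1-9]|10)
            echo "OK: last $value passwords are checked"
            return 0 ;;
        *)
            echo "INVALID: PASSWORD_HISTORY_DEPTH='$value' is not 1 through 10"
            return 2 ;;
    esac
}

# Constructed sample: the entry was appended twice with different values.
sample="${TMPDIR:-/tmp}/security.sample.$$"
printf '%s\n' '# constructed sample file' \
    'PASSWORD_HISTORY_DEPTH=5' 'PASSWORD_HISTORY_DEPTH=12' > "$sample"
check_history_depth "$sample" || true    # prints the AMBIGUOUS finding
rm -f "$sample"
```

Return codes are 0 (valid), 1 (feature not enabled), 2 (value outside the documented range) and 3 (more than one entry).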
Structurally, the password history feature is implemented in a shared
library, called libpam_unix.1, which the passwd command loads
dynamically at run time. This is transparent to users; the end-user
interface of the command is unchanged.
For further information, consult the passwd(1) manpage.