# password history with pam?



## jimrice (Sep 13, 2017)

Greetings ...

I need to configure password history in FreeBSD 11.1 for PCI Compliance.  (Or is that an oxymoron?)
I would have thought that this was a more common request, and would have its own FAQ.

I have searched, and about the only relevant thread I found is here:  Thread 23446

Is this feature just not supported, and never will be?
Is there a third-party pam_unix or pam_pwhistory module available elsewhere?

Thanks!


----------



## SirDice (Sep 14, 2017)

Not sure if there's anything for local passwords. But if you have multiple servers it might be a good idea to implement LDAP. With LDAP you certainly can keep track of password history. It will also give you a nice centralized user database. 

http://www.zytrax.com/books/ldap/ch6/ppolicy.html


----------



## jimrice (Sep 14, 2017)

Thanks, SirDice.  This is for a production environment where the key is isolation of services, and limited user accounts.  We are getting away from centralization and single sign-on...
And we are attempting to harden the OS, but using Release version and binaries (11.1), rather than compiling from source (10.3).  Previously, we had a customized version of passwd,
libpam.so.5, and pam_unix.so.5, which I think may have come from OpenPAM.  I don't know, since the original developer is no longer with the company, and didn't leave clues.

I know, not your problem ...  but thanks for listening.


----------

