How to enable password history

From Wiki-UX.info

To enable password history on HP-UX systems, edit "/etc/default/security" and set the PASSWORD_HISTORY_DEPTH variable to the required history depth (the number of old passwords to remember). Verbatim, according to the manpage:

# man security
...
PASSWORD_HISTORY_DEPTH
                          This attribute controls the password history
                          depth.  A new password is checked against
                          passwords stored in the user's password history.
                          This prevents the user from re-using a recently
                          used password.  This attribute applies only to
                          local users.

                          For a trusted system, the maximum password history
                          depth is 10 and the minimum is 1.

                          For a standard system, the maximum password
                          history depth is 24 and the minimum is 1.  The
                          system-wide default defined here may be overridden
                          by defining a per-user value in /var/adm/userdb
                          (described in userdb(4)).

For example, to enable a password history depth of 5, set the value in /etc/default/security to:

PASSWORD_HISTORY_DEPTH=5
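
To verify the setting after editing, the following added example (not part of the original page or of HP-UX) checks a security defaults file against the ranges quoted from the manpage. The function name check_history_depth, its mode argument, and reporting a duplicated attribute as an error rather than resolving it are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit PASSWORD_HISTORY_DEPTH in a security defaults file.
# check_history_depth FILE [standard|trusted]
# The caller states the system type; it is not auto-detected here.
check_history_depth() {
    file=$1
    mode=${2:-standard}

    # Upper bounds quoted in the manpage excerpt: 24 standard, 10 trusted.
    case $mode in
        standard) max=24 ;;
        trusted)  max=10 ;;
        *) echo "ERROR: unknown mode '$mode'"; return 2 ;;
    esac
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # Count active assignments; lines starting with '#' never match.
    # Plain "read" strips leading and trailing blanks from each line.
    count=0
    value=
    while read -r line || [ -n "$line" ]; do
        case $line in
            PASSWORD_HISTORY_DEPTH=*)
                count=$((count + 1))
                value=${line#*=} ;;
        esac
    done < "$file"

    if [ "$count" -eq 0 ]; then
        echo "FAIL: PASSWORD_HISTORY_DEPTH is not set in $file"; return 1
    fi
    if [ "$count" -gt 1 ]; then
        # Assumption: a duplicated attribute is reported, not resolved.
        echo "FAIL: PASSWORD_HISTORY_DEPTH is set $count times"; return 1
    fi
    case $value in
        ''|*[!0-9]*) echo "FAIL: '$value' is not a whole number"; return 1 ;;
    esac
    if [ "$value" -lt 1 ] || [ "$value" -gt "$max" ]; then
        echo "FAIL: depth $value is outside 1..$max ($mode system)"; return 1
    fi
    echo "OK: depth $value is within 1..$max ($mode system)"
}

# Constructed sample file: valid on a standard system, too deep for trusted.
sample=${TMPDIR:-/tmp}/security.sample.$$
printf '%s\n' '# PASSWORD_HISTORY_DEPTH=3' 'PASSWORD_HISTORY_DEPTH=12' > "$sample"
check_history_depth "$sample" standard
check_history_depth "$sample" trusted || true   # expected finding: 12 > 10
rm -f "$sample"
```

On a live system, pass /etc/default/security as the file and the system type as the second argument.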

Notes

  • If you need per-user policy settings that differ from the global policy, see the usage of the "userdb" database, paying special attention to the /etc/security.dsc file.
  • Configuring PASSWORD_HISTORY_DEPTH in "/etc/default/security" will allow one successful password change to any old password, because the system has no record of the passwords used before the feature was activated. Set new passwords for the accounts that represent security concerns immediately after enabling password history.
  • Accounts that do not provide a login prompt to users, like uucp, lp or apache, are not affected or covered by this security measure, because no password is even set up.