How to enable password history
To enable password history on HP-UX systems, edit "/etc/default/security" and set the PASSWORD_HISTORY_DEPTH variable to the required history depth (the number of old passwords to remember). Verbatim, according to the manpage:
# man security
...
PASSWORD_HISTORY_DEPTH
    This attribute controls the password history depth. A new password
    is checked against passwords stored in the user's password history.
    This prevents the user from re-using a recently used password. This
    attribute applies only to local users. For a trusted system, the
    maximum password history depth is 10 and the minimum is 1. For a
    standard system, the maximum password history depth is 24 and the
    minimum is 1. The system-wide default defined here may be overridden
    by defining a per-user value in /var/adm/userdb (described in
    userdb(4)).
For example, to enable a password history depth of 5, set PASSWORD_HISTORY_DEPTH to 5 in /etc/default/security.
- If you need a per-account policy that differs from the global policy, check the usage of the "userdb" database, with special attention to the usage of the /etc/security.dsc file.
- Configuring PASSWORD_HISTORY_DEPTH in "/etc/default/security" will still allow one successful password change to any old password, because the system has no record of the passwords used before the feature was activated. Set new passwords for the accounts that represent security concerns immediately after enabling password history.
- Accounts that do not provide a login prompt to users, like uucp, lp or apache, are not affected or covered by this security measure, because no password is even set up.
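One way to audit the setting against the limits quoted from the manpage, as an added example that is not part of the original page or of HP-UX itself. The function names (history_depth, check_depth, audit) are hypothetical, the sample file is constructed, and the script assumes "NAME=value" lines, "#" comments, and that the last assignment in the file is the effective one.

```shell
#!/bin/sh
# Added example: audit PASSWORD_HISTORY_DEPTH in a security(4)-style file.
# Assumptions: "NAME=value" lines, "#" starts a comment, last assignment wins.

# Print the configured depth, or nothing if the attribute is not set.
history_depth() {
    sed -e 's/#.*//' "$1" |
    awk -F= '$1 ~ /^[ \t]*PASSWORD_HISTORY_DEPTH[ \t]*$/ {
                 gsub(/[ \t]/, "", $2); v = $2 }
             END { if (v != "") print v }'
}

# check_depth VALUE MODE -> 0 if VALUE is valid for MODE (trusted|standard).
# Limits are the ones quoted from the manpage: 1-10 trusted, 1-24 standard.
check_depth() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    case $2 in
        trusted)  max=10 ;;
        standard) max=24 ;;
        *) return 2 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le "$max" ]
}

# audit FILE MODE -> prints a one-line verdict, returns non-zero on a problem.
audit() {
    depth=$(history_depth "$1")
    if [ -z "$depth" ]; then
        echo "FAIL: PASSWORD_HISTORY_DEPTH not set in $1"; return 1
    elif check_depth "$depth" "$2"; then
        echo "OK: depth=$depth ($2 system)"
    else
        echo "FAIL: depth=$depth outside allowed range for $2 system"; return 1
    fi
}

# Constructed sample file (not a real system's configuration).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# /etc/default/security (constructed sample)
#PASSWORD_HISTORY_DEPTH=3
PASSWORD_HISTORY_DEPTH=5
EOF
audit "$SAMPLE" standard
```

On a real host, point audit at /etc/default/security; a per-user override in /var/adm/userdb is not covered by this check.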