password rotation and unique constraint

Dan Nelson dnelson at allantgroup.com
Sun Jul 10 03:20:24 GMT 2005


In the last episode (Jul 09), Jeff said:
> I'd like to configure pw.conf to force password expiration.  Is there
> any way to ensure the user cannot change it to the same password?  I
> don't need to keep the last 7 or anything, just stop it being the
> same as the last one.  If/when I need the last N passwords, I'd
> assume I'd have to move to LDAP?

Should be easy enough to add a check to the passwd source to make sure
that the old password doesn't match the new one.  As for storing the
last 7 passwords and checking against them, I don't see any reason LDAP
would be required.  It doesn't magically add this support.  If you're
already using NIS (you didn't say), you can add code to rpc.yppasswdd
to store the old password hashes somewhere and check against them
before accepting a new password change.

-- 
	Dan Nelson
	dnelson at allantgroup.com
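
The check described in this reply, as an added example that is not part of the original post and not code from FreeBSD's passwd or rpc.yppasswdd: stored hashes are salted, so the new password has to be re-hashed with each stored record's salt before comparing. PBKDF2 from Python's hashlib stands in for crypt(3); the `salt$digest` record format, the function names and `HISTORY_DEPTH` are assumptions of the example.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 7      # "last 7" from the thread; 1 blocks only the previous password
ITERATIONS = 100_000   # constructed work factor for this example


def hash_password(password: str, salt: bytes) -> str:
    """Return a 'salt$digest' record in hex (stand-in for a crypt(3) hash string)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def matches(password: str, record: str) -> bool:
    """Re-hash the candidate with the salt stored in the record, then compare."""
    salt_hex, _ = record.split("$", 1)
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    # Constant-time comparison of the two record strings.
    return hmac.compare_digest(candidate, record)


def change_password(history: list[str], new_password: str) -> list[str]:
    """Reject reuse of any stored password, otherwise return the updated history.

    history[0] is the record for the current password; older records follow.
    Only hashes are kept, never the old plaintext passwords.
    """
    if any(matches(new_password, record) for record in history):
        raise ValueError("new password matches a previous password")
    new_record = hash_password(new_password, os.urandom(16))
    # Newest first, and drop records older than HISTORY_DEPTH.
    return [new_record, *history][:HISTORY_DEPTH]


if __name__ == "__main__":
    history = change_password([], "constructed-Pw-1")   # constructed sample values
    history = change_password(history, "constructed-Pw-2")
    try:
        change_password(history, "constructed-Pw-1")
    except ValueError as err:
        print("rejected:", err)
```

Comparing the stored hash strings directly would not catch reuse, because a fresh salt gives the same password a different hash each time.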

