3.1.2.2 histsize

Information

Defines the number of previous passwords that a user may not reuse.

Rationale:

Setting the histsize attribute enforces a minimum number of previous passwords that a user cannot reuse.

Solution

In /etc/security/user, set the histsize attribute of the default user stanza to a value greater than or equal to 20:

chsec -f /etc/security/user -s default -a histsize=20

This means that a user may not reuse any of the previous 20 passwords.
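One way to verify the setting afterwards, as an added example (not part of the benchmark text): it goes beyond the default stanza and also flags per-user stanzas that override histsize with a lower value. The function names and sample data are constructed for illustration, and it assumes the usual stanza layout (unindented "name:" headers, indented "attr = value" lines, "*" comment lines).

```shell
#!/bin/sh
# audit_histsize MIN [FILE]: print one FAIL line per stanza whose histsize is
# below MIN (or non-numeric), or if the default stanza never sets it.
# Reads stdin when FILE is omitted. Returns 1 on any finding, 0 otherwise.
audit_histsize() {
    min=$1; shift
    awk -v min="$min" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }       # comment or blank line
        /^[^ \t].*:[ \t]*$/ {                    # stanza header such as "default:"
            stanza = $1; sub(/:$/, "", stanza); next
        }
        {
            line = $0; gsub(/[ \t]/, "", line)   # "histsize = 20" -> "histsize=20"
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            if (key != "histsize") next
            seen[stanza] = 1
            if (val !~ /^[0-9]+$/ || val + 0 < min) {
                printf "FAIL %s histsize=%s (want >= %d)\n", stanza, val, min
                bad = 1
            }
        }
        END {
            if (!("default" in seen)) {
                print "FAIL default histsize is not set"
                bad = 1
            }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample: compliant default, but one account overrides it downward.
sample_bad() {
    printf 'default:\n\tadmin = false\n\thistsize = 20\n\n* service account\nbatch:\n\thistsize = 4\n'
}

# Constructed sample: default and the only override both meet the minimum.
sample_good() {
    printf 'default:\n\thistsize = 20\n\nroot:\n\thistsize = 24\n'
}

# Demo on the constructed data; on a real host: audit_histsize 20 /etc/security/user
sample_bad | audit_histsize 20 || echo "non-compliant stanza(s) found"
```

On the system itself, lssec -f /etc/security/user -s default -a histsize shows the value of the default stanza only.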

Default Value:

No limit

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: 65938a8b3553b4511a649b786b436b0dffd2e6d2284e4aadc3a7ec3582b14102