> I am trying to set a policy for users. One of our requirements is
> that passwords not be reused for at least 1 year (we change passwords
> every 30 days). The problem seems to be that the -history parameter
> cannot be greater than 9. Is this something I am doing wrong or is
> this indeed a restriction on the number of kept old passwords? Thanks

This is, indeed, a restriction. If you need more, you need to change the code and recompile, etc.

In any event, unless you also set a minimum password lifetime, you can't guarantee no reuse in a year anyway (I could change my password 12 times in 12 minutes).

<soapbox>
I realize that these sorts of password rules are often externally dictated, but it's not clear to me (or many others) that they actually have a positive effect on security.
</soapbox>

John
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
