Martin Pool wrote: > The PAM module might store previous passwords in a database (e.g. tdb) > that it maintains. Every time a password is set, it gets put in > there, with any other appropriate information (date?). When a new > password-setting attempt is made, it checks against the history, plus > other strength checks.
Do we even need to save the decrypted password? A colleague once saved old encrypted passwords to allow the "do they really know the old one" test to be done via challange-response. --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]