AIX, Security, System Admin↑ Clearing password history

Sometimes when password rules are very strict, a user may have problems creating a new password that is both easy to remember, and still adheres to the password rules. To aid the user, it could be useful to clear the password history for his or her account, so he or she can re-use a certain password that has been used in the past. The password history is stored in /etc/security/pwdhist.pag and /etc/security/pwdhist.dir. The command you can use to disable the password history for a user is:

# chuser histsize=0 username

Actually, this command does not the password history in /etc/security/pwdhist.dir and /etc/security/pwdhist.pag, but only changes the setting of histsize for the account to zero, meaning, that a user is not checked again on re-using old passwords. After the user has changed his or her password, you may want to set it back again to the default value:

# grep -p ^default /etc/security/user | grep histsize
        histsize = 20
# chuser histsize=20 username

In older AIX levels, this functionality (to use chuser histsize=0) would actually have cleared out the password history of the user. In later AIX levels, this functionality has vanished.

So, if you truely wish to delete the password history for a user, here's another way to clear the password history on a system: It is accomplished by zeroing out the pwdhist.pag and pwdhist.dir files. However, this results in the deletion of all password history for all users on the system:

# cp /dev/null /etc/security/pwdhist.pag
# cp /dev/null /etc/security/pwdhist.dir

Please note that his is a temporary measure. Once these files are zeroed out, as soon as a user changes his or her password again, the old password is stored again in these files and it can't be reused (unless the histsize attribute for a user is set to 0).

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Online Backups and Recovery in a Snap AIX
Viewed 4727 times since Wed, May 30, 2018
AIX, Installation, NIM↑ Creating an LPP source and SPOT in NIM
Viewed 14374 times since Fri, Apr 19, 2019
AIX, Security, System Admin Difference between sticky bit and SUID/GUID
Viewed 8715 times since Fri, Apr 19, 2019
AIX Creating a Volume Group
Viewed 2331 times since Tue, Jul 17, 2018
10 AIX Commands to Add to Your Toolbox
Viewed 4137 times since Sat, May 19, 2018
AIX Undocumented AIX command lquerypv
Viewed 3384 times since Tue, Jul 17, 2018
Topics: PowerHA / HACMP, Storage Adding a new volume group to an active PowerHA resource group
Viewed 2408 times since Mon, Jun 3, 2019
Kerberos, Active Directory and AIX
Viewed 6097 times since Mon, Jun 25, 2018
Part 2, Monitoring memory usage (ps, sar, svmon, vmstat) and analyzing the results AIX7
Viewed 12328 times since Wed, Jun 19, 2019
LVM: Extend an existing Volume Group by adding a new disk
Viewed 5339 times since Sat, Jun 2, 2018