Restricting use of previous passwords:

https://documentation.suse.com/sles/15-SP3/html/SLES-all/sec-sec-user-management.html#sec-sec-prot-general-pam-pw-previous

"14.4.2 Restricting use of previous passwords".

According to the current documentation, it is stated that after executing the command #pam-config -a --pwhistory --pwhistory-remember=26, the configuration should be reflected in the /etc/pam.d/common-auth file as follows:

password required pam_pwhistory.so remember=26

However, upon verification within my testing environment, I have found that this configuration is not added to /etc/pam.d/common-auth as described. Instead, the configuration is correctly applied to /etc/pam.d/common-password with the same parameters:

password required pam_pwhistory.so remember=26

I kindly request that the documentation be updated to accurately reflect that the configuration is applied to /etc/pam.d/common-password rather than /etc/pam.d/common-auth. This correction will undoubtedly help prevent confusion and ensure a smoother configuration process for future users.



------
Default: /etc/pam.d/common-password
 # cat common-password
 password        requisite       pam_cracklib.so
 password        required        pam_unix.so     use_authtok nullok shadow try_first_pass

After setting pwhistory:/etc/pam.d/common-password
 #  pam-config -a --pwhistory --pwhistory-remember=26
 # cat common-password
 password        requisite       pam_cracklib.so
 password        required        pam_pwhistory.so        remember=26
 password        required        pam_unix.so     use_authtok nullok shadow try_first_pass