In a previous blog post, we learned how to force users to change their passwords on a regular basis. This prevents them from keeping the same password forever, but it does not prevent them from alternating between the same two passwords or cycling through a handful of them. Fortunately, PAM (Pluggable Authentication Modules), the framework Linux uses for authentication and password management, allows you to prevent users from reusing their old passwords.
To limit password reuse, you will need to edit the /etc/pam.d/system-auth file.
Find the line that begins with “password” and references pam_unix.so, then add “remember=10” to the end of it:
password sufficient pam_unix.so use_authtok md5 shadow remember=10
Save the file and close it. Users will no longer be able to reuse any of their last 10 passwords, because the system now remembers them. You may select a higher or lower number depending on how stubborn your users are. Enjoy!
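To confirm the edit took effect, the following added example (not part of the original post) reads a PAM file and reports the remember= value on the active pam_unix.so password line. The function names and the two sample files are constructed for illustration; on a real host you would pass /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example: audit a PAM file for the pam_unix "remember=" setting.

# Print the remember= value from the first active pam_unix.so password line.
# Prints 0 if that line has no remember= option; returns 1 if no such line exists.
pam_remember_value() {
    awk '
        $1 ~ /^#/ { next }    # skip commented-out lines
        $1 == "password" && /pam_unix\.so/ {
            found = 1; value = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) { split($i, kv, "="); value = kv[2] }
            print value
            exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Return 0 when the file remembers at least $2 passwords (default 10, as in the post).
check_reuse_policy() {
    min=${2:-10}
    value=$(pam_remember_value "$1") || {
        echo "FAIL: no active pam_unix.so password line in $1"
        return 2
    }
    if [ "$value" -ge "$min" ]; then
        echo "OK: remember=$value"
    else
        echo "FAIL: remember=$value, expected at least $min"
        return 1
    fi
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' 'password sufficient pam_unix.so use_authtok md5 shadow' \
    > "$demo_dir/before"
printf '%s\n' '#password sufficient pam_unix.so remember=99' \
    'password sufficient pam_unix.so use_authtok md5 shadow remember=10' \
    > "$demo_dir/after"

check_reuse_policy "$demo_dir/before" || true   # FAIL: remember=0, expected at least 10
check_reuse_policy "$demo_dir/after"            # OK: remember=10
rm -rf "$demo_dir"
```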