Got a request to reset a password of one of the development server’s account today. Apparently, one of the batch operators, mistyped the password one to many… It was locked.
It was an LDAP environment and the SOP is to change the password to a pre-defined default password and then the user will be the one he wants (Anyway, the user has no choice, once he puts the initial password he will be prompted to change it)
The problem is, the server wont allow him to use his old password. He wants to use it again since, he’s not the only one who uses that (group) account and changing it to his own, well, he have to tell it to everyone else who’s using the account.. and from what I’ve heard they are more than a handful.
Anyway, to help him, I checked the /etc/default/passwd and took a peek at HISTORY’s value. The number here shows how many password the system will remembers (root not included of course). It was set to 10.
Set it temporary to ‘0’ and changed the password. After confirming that all is good, changed the HISTORY parameters of /etc/default/passwd back to ’10’ , which is apparently our SOP on password history.
(Machine was a solaris sparc with Solaris 8.10)