also use requisite for pwhistory

schurzi · schurzi · commit d693a8e20071 · 2021-03-23T08:53:49.000+01:00
Signed-off-by: Martin Schurz &lt;Martin.Schurz@t-systems.com&gt;
diff --git a/roles/os_hardening/templates/etc/pam.d/rhel_auth.j2 b/roles/os_hardening/templates/etc/pam.d/rhel_auth.j2
@@ -36,7 +36,7 @@ account     required      pam_permit.so
 password    requisite     pam_pwquality.so {{ os_auth_pam_pwquality_options }}
 {% endif %}
 {# NSA 2.3.3.6 Limit Password Reuse #}
-password    required      pam_pwhistory.so remember=5 use_authtok
+password    requisite     pam_pwhistory.so remember=5 use_authtok
 {# NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512 #}
 password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
 {% if (os_auth_pam_sssd_enable | bool) %}
