The password change mechanism in pam_unix supports a "remember" parameter that writes the old password to /etc/security/opasswd, then cracklib checks that file for the validity of future passwords. This prevents password reuse. Does anyone know of a mechanism for supporting this in a more "modular" fashion or with modern mechanisms such as pam_ldap?