dev-sec / ansible-collection-hardening

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
http://dev-sec.io/
Apache License 2.0

os_auth_pw_remember has no effect on Ubuntu/Debian #543

Open Sebster7 opened 2 years ago

Sebster7 commented 2 years ago

Describe the bug

The parameter os_auth_pw_remember has no effect on Ubuntu/Debian as far as I can tell, but this is not documented anywhere.

Expected behavior

os_auth_pw_remember should control how many old passwords are recorded and should prevent re-use of these passwords on all supported operating systems. This setting is required for compliance with various standards.

Actual behavior

Nothing happens.

Example Playbook

```yaml
- hosts: all
  collections:
    - devsec.hardening
  roles:
    - devsec.hardening.os_hardening
    - devsec.hardening.ssh_hardening
  vars:
    os_auth_pw_max_age: 90
    os_auth_pw_min_age: 7
    os_auth_pw_warn_age: 28 # This is a parameter I added to my fork
    os_auth_retries: 5
    os_auth_lockout_time: 1800
    os_auth_pw_remember: 10
    os_auth_pam_sssd_enable: false
    os_auth_pam_passwdqc_enable: true
    os_auth_pam_passwdqc_options: 'min=disabled,disabled,disabled,16,15 max=255' # Ubuntu
    os_auth_pam_pwquality_options: 'min=disabled,disabled,disabled,16,15 max=255' # RHEL
    os_auth_timeout: 60
    sftp_enabled: true
    ssh_permit_tunnel: true
    ssh_allow_tcp_forwarding: 'yes'
    ssh_allow_agent_forwarding: true
    ssh_client_alive_interval: 300
    ssh_print_debian_banner: false
    ssh_print_motd: false
    ssh_print_pam_motd: true
    ssh_print_last_log: true
```

OS / Environment

Ubuntu 20.04.4 LTS

Ansible Version

Ansible AWX 19.5.1.dev66+gddc428532f.d20211221

Role Version

[6.3.0](https://github.com/dev-sec/ansible-os-hardening/tree/6.3.0) (2020-10-28)

Additional context

Preventing password re-use is required for compliance with various standards, e.g. PCI DSS v3.2.1.
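An added audit check, not part of the issue or of the collection, that verifies whether password history is actually enforced on a Debian/Ubuntu host after a playbook run: it parses the /etc/pam.d/common-password stack and reports the effective remember=N on pam_pwhistory.so or pam_unix.so, the PAM option that os_auth_pw_remember is expected to manage. The PAM lines below are constructed samples, and the file path and script name are assumptions.

```python
# Audit a Debian/Ubuntu PAM password stack for password-history enforcement:
# report the effective remember=N set on pam_pwhistory.so or pam_unix.so, the
# PAM option that os_auth_pw_remember is expected to manage.
import re
import sys

# Modules that enforce password history on Debian/Ubuntu (pam_unix keeps the
# history in /etc/security/opasswd; pam_pwhistory is the stand-alone variant).
HISTORY_MODULES = ("pam_pwhistory.so", "pam_unix.so")
# type, control (possibly a bracketed list containing spaces), module, options
PAM_LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def effective_remember(pam_config: str) -> int:
    """Largest remember=N on a password-type history module; 0 if none is set."""
    best = 0
    for raw in pam_config.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        match = PAM_LINE.match(line) if line else None
        if not match or match.group(1) != "password":
            continue
        module, options = match.group(3), match.group(4).split()
        if not module.endswith(HISTORY_MODULES):
            continue
        for opt in options:
            value = re.fullmatch(r"remember=(\d+)", opt)
            if value:
                best = max(best, int(value.group(1)))
    return best


def check_pw_remember(pam_config: str, expected: int) -> tuple:
    """Return (compliant, found): compliant when >= expected old passwords are kept."""
    found = effective_remember(pam_config)
    return found >= expected, found


# Constructed sample of an Ubuntu 20.04 common-password after a run with the
# issue's vars: passwdqc is configured, but no remember= option is present.
SAMPLE_WITHOUT_HISTORY = """\
password requisite pam_passwdqc.so min=disabled,disabled,disabled,16,15 max=255
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password requisite pam_deny.so
password required pam_permit.so
"""
# Constructed sample of the same stack with os_auth_pw_remember: 10 enforced via pam_unix.
SAMPLE_WITH_HISTORY = SAMPLE_WITHOUT_HISTORY.replace(
    "pam_unix.so obscure", "pam_unix.so obscure remember=10")

if __name__ == "__main__":  # usage: python3 check_pw_remember.py /etc/pam.d/common-password 10
    ok, found = check_pw_remember(open(sys.argv[1]).read(), int(sys.argv[2]))
    print(f"remember={found}: {'OK' if ok else 'NOT ENFORCED'}")
```

Run against the real file on a host after the role has been applied; a result of 0 means no PAM module on the password stack records old passwords, whatever the playbook variable says.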

rndmh3ro commented 2 years ago

Support for PAM on Debian and Ubuntu is generally lacking, so a PR to add support would be nice.