RHEL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.
RHEL 8 uses "pwhistory" consecutively as a mechanism to prohibit password reuse. This is set in both:
Note that manual changes to the listed files may be overwritten by the "authselect" program.