diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/ansible/shared.yml
index 6442dde3397..91f0ee17e1d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/ansible/shared.yml
@@ -6,9 +6,6 @@
 {{% if 'ubuntu' in product or 'debian' in product %}}
 {{%- set pam_config_paths = "['/etc/pam.d/common-password', '/etc/pam.d/common-auth', '/etc/pam.d/common-account', '/etc/pam.d/common-session', '/etc/pam.d/common-session-noninteractive']" %}}
-{{% else %}}
-{{%- set pam_config_paths = "['/etc/pam.d/system-auth', '/etc/pam.d/password-auth']" -%}}
-{{% endif %}}
 - name: '{{{ rule_title }}} - Remove remember option from pam_unix.so'
   ansible.builtin.replace:
@@ -16,3 +13,8 @@
     regexp: '(\s+pam_unix\.so.*)\s+remember=\d+\b(.*)'
     replace: '\1\2'
   loop: {{{ pam_config_paths }}}
+{{% else %}}
+{{{ ansible_remove_pam_module_option_configuration('/etc/pam.d/system-auth', 'password', '', 'pam_unix.so', 'remember', rule_title=rule_title) }}}
+
+{{{ ansible_remove_pam_module_option_configuration('/etc/pam.d/password-auth', 'password', '', 'pam_unix.so', 'remember', rule_title=rule_title) }}}
+{{% endif %}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/bash/shared.sh
index d2692132850..03336f17073 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/bash/shared.sh
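Review bot: The two new `ansible_remove_pam_module_option_configuration` calls still pass `''` as their third argument, while the `bash/shared.sh` hunk in this same commit changes the corresponding argument of the bash macros from `''` to `'.*'`. If both macro families treat that argument the same way — presumably a pattern for the PAM control field — the Ansible remediation will keep missing the `pam_unix.so` lines the bash one now matches, so the two remediations would diverge on the same host. Either pass `'.*'` on both lines here as well, or add a comment stating why the Ansible macro needs the empty value. The `{{% if %}}` opened at the top of this file section is now closed only after the `loop:` line, which is intended but easy to misread given the `{{% else %}}` sits in a separate hunk.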
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/bash/shared.sh
@@ -18,10 +18,10 @@ DEBIAN_FRONTEND=noninteractive pam-auth-update
 {{% else %}}
 # RHEL-based systems: Use authselect-aware approach
 if [ -f /usr/bin/authselect ]; then
-    {{{ bash_remove_pam_module_option_configuration('/etc/pam.d/system-auth', 'password', '', 'pam_unix.so', 'remember') }}}
-    {{{ bash_remove_pam_module_option_configuration('/etc/pam.d/password-auth', 'password', '', 'pam_unix.so', 'remember') }}}
+    {{{ bash_remove_pam_module_option_configuration('/etc/pam.d/system-auth', 'password', '.*', 'pam_unix.so', 'remember') }}}
+    {{{ bash_remove_pam_module_option_configuration('/etc/pam.d/password-auth', 'password', '.*', 'pam_unix.so', 'remember') }}}
 else
-    {{{ bash_remove_pam_module_option('/etc/pam.d/system-auth', 'password', '', 'pam_unix.so', 'remember') }}}
-    {{{ bash_remove_pam_module_option('/etc/pam.d/password-auth', 'password', '', 'pam_unix.so', 'remember') }}}
+    {{{ bash_remove_pam_module_option('/etc/pam.d/system-auth', 'password', '.*', 'pam_unix.so', 'remember') }}}
+    {{{ bash_remove_pam_module_option('/etc/pam.d/password-auth', 'password', '.*', 'pam_unix.so', 'remember') }}}
 fi
 {{% endif %}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/no_remember_authselect.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/no_remember_authselect.pass.sh
new file mode 100644
index 00000000000..e5e4a502d37
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/no_remember_authselect.pass.sh
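Review bot: The third argument of all four macro calls changes from `''` to `'.*'` with no comment explaining what the new value matches; presumably it is the pattern for the PAM control field, so that `pam_unix.so` password lines with any control (`sufficient`, `required`, or a bracketed action list) are edited rather than only lines the empty pattern happened to match. A comment above the `if`, such as `# '.*' matches any control field, so remember= is stripped from every password pam_unix.so line`, would record that for the next maintainer. Note that the Ansible counterpart in `ansible/shared.yml` still passes `''` in this commit. The `if`/`else`/`fi` being edited lies entirely within the hunk.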
@@ -0,0 +1,24 @@
+#!/bin/bash
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux
+# packages = pam
+
+authselect create-profile hardening -b sssd
+CUSTOM_PROFILE="custom/hardening"
+authselect select $CUSTOM_PROFILE --force
+CUSTOM_PASSWORD_AUTH="/etc/authselect/$CUSTOM_PROFILE/password-auth"
+CUSTOM_SYSTEM_AUTH="/etc/authselect/$CUSTOM_PROFILE/system-auth"
+
+# Ensure system-auth and password-auth don't have remember option
+sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' $CUSTOM_SYSTEM_AUTH
+sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' $CUSTOM_PASSWORD_AUTH
+
+# Add a clean pam_unix.so line without remember if it doesn't exist
+if ! grep -q "^password.*pam_unix\.so" $CUSTOM_SYSTEM_AUTH; then
+    echo "password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok" >> $CUSTOM_SYSTEM_AUTH
+fi
+
+if ! grep -q "^password.*pam_unix\.so" $CUSTOM_PASSWORD_AUTH; then
+    echo "password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok" >> $CUSTOM_PASSWORD_AUTH
+fi
+
+authselect apply-changes -b
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/no_remember_rhel.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/no_remember_rhel.pass.sh
deleted file mode 100644
index 92ce2278b8e..00000000000
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/no_remember_rhel.pass.sh
+++ /dev/null
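Review bot: The script calls `authselect` unconditionally, but its header only declares `# packages = pam`; if any platform in the `# platform =` list does not ship authselect by default, `authselect create-profile hardening -b sssd` fails with "command not found" and the later `sed`/`grep` edits run against `/etc/authselect/custom/hardening/...` paths that were never created — the bash remediation itself guards for that case with `[ -f /usr/bin/authselect ]`. Adding `authselect` to the `# packages =` line would make the prerequisite explicit; the same applies to `remember_commented_authselect.pass.sh`, `remember_present_password_auth.fail.sh` and `remember_present_system_auth.fail.sh`. Separately, `$CUSTOM_PROFILE`, `$CUSTOM_SYSTEM_AUTH` and `$CUSTOM_PASSWORD_AUTH` are expanded unquoted throughout; `"$CUSTOM_SYSTEM_AUTH"` is the conventional form even though these values contain no whitespace.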
@@ -1,16 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux
-# packages = pam
-
-# Ensure system-auth and password-auth don't have remember option
-sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' /etc/pam.d/system-auth
-sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' /etc/pam.d/password-auth
-
-# Add a clean pam_unix.so line without remember if it doesn't exist
-if ! grep -q "^password.*pam_unix\.so" /etc/pam.d/system-auth; then
-    echo "password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok" >> /etc/pam.d/system-auth
-fi
-
-if ! grep -q "^password.*pam_unix\.so" /etc/pam.d/password-auth; then
-    echo "password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok" >> /etc/pam.d/password-auth
-fi
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_commented_authselect.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_commented_authselect.pass.sh
new file mode 100644
index 00000000000..09c4d09963b
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_commented_authselect.pass.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux
+# packages = pam
+
+authselect create-profile hardening -b sssd
+CUSTOM_PROFILE="custom/hardening"
+authselect select $CUSTOM_PROFILE --force
+CUSTOM_PASSWORD_AUTH="/etc/authselect/$CUSTOM_PROFILE/password-auth"
+CUSTOM_SYSTEM_AUTH="/etc/authselect/$CUSTOM_PROFILE/system-auth"
+
+# Commented lines should pass (comments are ignored)
+sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' $CUSTOM_SYSTEM_AUTH
+sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' $CUSTOM_PASSWORD_AUTH
+
+# Add commented line with remember (should be ignored)
+echo "# password sufficient pam_unix.so sha512 shadow remember=5" >> $CUSTOM_SYSTEM_AUTH
+echo "# password sufficient pam_unix.so sha512 shadow remember=5" >> $CUSTOM_PASSWORD_AUTH
+
+# Add clean active lines without remember
+echo "password sufficient pam_unix.so sha512 shadow" >> $CUSTOM_SYSTEM_AUTH
+echo "password sufficient pam_unix.so sha512 shadow" >> $CUSTOM_PASSWORD_AUTH
+
+authselect apply-changes -b
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_commented_rhel.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_commented_rhel.pass.sh
deleted file mode 100644
index f3cb36505d1..00000000000
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_commented_rhel.pass.sh
+++ /dev/null
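Review bot: The exit status of `authselect apply-changes -b` on the last line is not checked, and nothing earlier in the script stops on error either. If `apply-changes` rejects the edited custom profile, `/etc/pam.d/system-auth` and `password-auth` keep their previously applied content, which on a freshly provisioned test system presumably has no `remember=` option, so this pass test would pass without ever exercising the commented-`remember=5` case it is meant to cover. Ending the script with `authselect apply-changes -b || exit 1` (or starting it with `set -e`) makes such a setup failure visible instead of vacuous; `no_remember_authselect.pass.sh` in this commit has the same shape.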
@@ -1,15 +0,0 @@
-#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux
-# packages = pam
-
-# Commented lines should pass (comments are ignored)
-sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' /etc/pam.d/system-auth
-sed -i --follow-symlinks '/pam_unix\.so.*remember=/d' /etc/pam.d/password-auth
-
-# Add commented line with remember (should be ignored)
-echo "# password sufficient pam_unix.so sha512 shadow remember=5" >> /etc/pam.d/system-auth
-echo "# password sufficient pam_unix.so sha512 shadow remember=5" >> /etc/pam.d/password-auth
-
-# Add clean active lines without remember
-echo "password sufficient pam_unix.so sha512 shadow" >> /etc/pam.d/system-auth
-echo "password sufficient pam_unix.so sha512 shadow" >> /etc/pam.d/password-auth
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_password_auth.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_password_auth.fail.sh
index 67d6ca691e2..4875c791a3d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_password_auth.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_password_auth.fail.sh
@@ -2,11 +2,18 @@
 # platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux
 # packages = pam
+authselect create-profile hardening -b sssd
+CUSTOM_PROFILE="custom/hardening"
+authselect select $CUSTOM_PROFILE --force
+CUSTOM_PASSWORD_AUTH="/etc/authselect/$CUSTOM_PROFILE/password-auth"
+
 # Add remember option to password-auth (should fail)
-if grep -q "^password.*pam_unix\.so" /etc/pam.d/password-auth; then
+if grep -q "^password.*pam_unix\.so" $CUSTOM_PASSWORD_AUTH; then
     # If pam_unix.so line exists, add remember option
-    sed -i --follow-symlinks 's/\(^password.*pam_unix\.so.*\)/\1 remember=5/' /etc/pam.d/password-auth
+    sed -i --follow-symlinks 's/\(^password.*pam_unix\.so.*\)/\1 remember=5/' $CUSTOM_PASSWORD_AUTH
 else
     # If no pam_unix.so line exists, add one with remember
-    echo "password sufficient pam_unix.so sha512 shadow remember=5" >> /etc/pam.d/password-auth
+    echo "password sufficient pam_unix.so sha512 shadow remember=5" >> $CUSTOM_PASSWORD_AUTH
 fi
+
+authselect apply-changes -b
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_system_auth.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_system_auth.fail.sh
index 1914e2484f4..5e6338858a8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_system_auth.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_no_remember/tests/remember_present_system_auth.fail.sh
@@ -2,11 +2,18 @@
 # platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux
 # packages = pam
+authselect create-profile hardening -b sssd
+CUSTOM_PROFILE="custom/hardening"
+authselect select $CUSTOM_PROFILE --force
+CUSTOM_SYSTEM_AUTH="/etc/authselect/$CUSTOM_PROFILE/system-auth"
+
 # Add remember option to system-auth (should fail)
-if grep -q "^password.*pam_unix\.so" /etc/pam.d/system-auth; then
+if grep -q "^password.*pam_unix\.so" $CUSTOM_SYSTEM_AUTH; then
     # If pam_unix.so line exists, add remember option
-    sed -i --follow-symlinks 's/\(^password.*pam_unix\.so.*\)/\1 remember=5/' /etc/pam.d/system-auth
+    sed -i --follow-symlinks 's/\(^password.*pam_unix\.so.*\)/\1 remember=5/' $CUSTOM_SYSTEM_AUTH
 else
     # If no pam_unix.so line exists, add one with remember
-    echo "password sufficient pam_unix.so sha512 shadow remember=5" >> /etc/pam.d/system-auth
+    echo "password sufficient pam_unix.so sha512 shadow remember=5" >> $CUSTOM_SYSTEM_AUTH
 fi
+
+authselect apply-changes -b