linuxfabrik.lfops.ipapwpolicy

Manage FreeIPA pwpolicies

Synopsis

  • Manage FreeIPA pwpolicies

Available since LFOps 6.0.0.

Optional Parameters

dictcheck

  • Check if the password is a dictionary word. Requires IPA 4.9+. (bool or "")
  • Type: String.

failinterval

  • Period after which failure count will be reset (seconds). (int or "")
  • Type: String.

gracelimit

  • Number of LDAP authentications allowed after expiration. Requires IPA 4.10.1+. (int or "")
  • Type: String.

history

  • Password history size. (int or "")
  • Type: String.

lockouttime

  • Period for which lockout is enforced (seconds). (int or "")
  • Type: String.

maxfail

  • Consecutive failures before lockout. (int or "")
  • Type: String.

maxlife

  • Maximum password lifetime (in days). (int or "")
  • Type: String.

maxrepeat

  • Maximum number of same consecutive characters. Requires IPA 4.9+. (int or "")
  • Type: String.

maxsequence

  • The maximum length of monotonic character sequences (abcd). Requires IPA 4.9+. (int or "")
  • Type: String.

minclasses

  • Minimum number of character classes. (int or "")
  • Type: String.

minlength

  • Minimum length of password. (int or "")
  • Type: String.

minlife

  • Minimum password lifetime (in hours). (int or "")
  • Type: String.

name

  • The group name
  • Type: List.

priority

  • Priority of the policy (higher number means lower priority). (int or "")
  • Type: String.

state

  • State to ensure
  • Type: String. One of present, absent.
  • Default: present

usercheck

  • Check if the password contains the username. Requires IPA 4.9+. (bool or "")
  • Type: String.

Examples

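# Ensure pwpolicy is set for ops
- ipapwpolicy:
    ipaadmin_password: SomeADMINpassword
    name: ops
    minlife: 7        # minimum password lifetime, in hours
    maxlife: 49       # maximum password lifetime, in days
    history: 5        # password history size
    priority: 1       # higher number means lower priority
    lockouttime: 300  # lockout period, in seconds
    minlength: 8      # minimum password length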
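
The following playbook is an added example, not part of the LFOps documentation. It shows how the lockout parameters (maxfail, failinterval, lockouttime) work together and how priority decides between two group policies. The inventory group ipaserver, the groups ops and ops_admins, the variable vault_ipaadmin_password and all numeric values are assumptions chosen for illustration.

```yaml
---
# Added example (not LFOps' own). Hypothetical names: inventory group
# "ipaserver", groups "ops" and "ops_admins", variable "vault_ipaadmin_password".
- name: Harden FreeIPA password policies
  hosts: ipaserver
  become: false

  tasks:
    - name: Baseline policy for the ops group
      linuxfabrik.lfops.ipapwpolicy:
        # Read the admin password from an Ansible Vault variable instead of
        # writing it into the playbook.
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: ops
        priority: 10
        minlength: 14
        minclasses: 3
        history: 10
        minlife: 1          # hours; stops users cycling through the history
        maxlife: 180        # days
        # Lockout: 5 consecutive failures lock the account for 900 s;
        # the failure count is reset after 300 s.
        maxfail: 5
        failinterval: 300
        lockouttime: 900
        state: present

    - name: Stricter policy for the ops_admins group
      linuxfabrik.lfops.ipapwpolicy:
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: ops_admins
        # Lower number than the ops policy, so this policy takes precedence
        # for a user who is a member of both groups.
        priority: 5
        minlength: 20
        minclasses: 4
        history: 20
        maxlife: 90         # days
        maxfail: 3
        failinterval: 600
        lockouttime: 1800
        # The next four options require IPA 4.9+.
        usercheck: true     # reject passwords containing the username
        dictcheck: true     # reject dictionary words
        maxrepeat: 3        # at most 3 identical consecutive characters
        maxsequence: 4      # at most 4 characters in a monotonic run (abcd)
        state: present
```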

Authors

  • Thomas Woerner (@t-woerner)
  • Rafael Guterres Jeffman (@rjeffman)