check_point.gaia.cp_gaia_password_policy (5.0.1) — module

Setting password policy configuration.

Added in version 3.0.0 of check_point.gaia.

Authors: Ameer Asli (@chkp-ameera)

Install collection

Install with ansible-galaxy collection install check_point.gaia:==5.0.1


Add to requirements.yml

  # Exact version pin: installs stay reproducible and upgrades are a deliberate change.
  collections:
    - name: check_point.gaia
      version: 5.0.1

Description

Setting password policy configuration.


Requirements

Usage examples

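# Sets the Gaia password policy in a single task. The values are the ones the
# original example used; only the layout changed (block style, lowercase
# booleans) so each setting can be reviewed and diffed on its own line.
- name: Change password policy
  check_point.gaia.cp_gaia_password_policy:
    lock_settings:
      failed_attempts_settings:
        failed_attempts_allowed: 10
        failed_lock_duration_seconds: 1200
        # Lockout is off in this example: users are not locked after
        # exceeding failed_attempts_allowed until this is set to true.
        failed_lock_enabled: false
        # While false, failed-login lockout is not enforced on the admin user.
        failed_lock_enforced_on_admin: false
      inactivity_settings:
        inactivity_threshold_days: 365
        # While false, unused accounts are not locked.
        lock_unused_accounts_enabled: false
      must_one_time_password_enabled: false
      password_expiration_days: 60
      password_expiration_maximum_days_before_lock: 1000
      password_expiration_warning_days: 7
    password_history:
      check_history_enabled: true
      repeated_history_length: 10
    password_strength:
      complexity: 2
      # 6 is the lowest value the module accepts (valid range 6-128) and is
      # below the 8-character floor in NIST SP 800-63B; raise it to match the
      # site's password standard.
      minimum_length: 6
      palindrome_check_enabled: true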

Inputs

    
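# Gaia API version to target. Declared as str: quote the value in playbooks
# (for example version: "1.6") so YAML does not read it as a float.
version:
    description: Gaia API version, for example 1.6.
    required: false
    type: str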

# Lockout, inactivity and expiry controls. Every suboption below is optional.
lock_settings:
    description: Password change configuration.
    required: false
    suboptions:
      # Controls what happens after repeated failed logins.
      failed_attempts_settings:
        description: Failed attempts configuration.
        required: false
        suboptions:
          failed_attempts_allowed:
            default: 10
            description: Amount of login attempts allowed before lockout, Valid values
              are 2-1000.
            required: false
            type: int
          failed_lock_duration_seconds:
            default: 1200
            description: Password failed logging lockout duration, Valid values are 60-604800.
            required: false
            type: int
          # Defaults to false: failed-login lockout is off unless a playbook
          # sets this to true.
          failed_lock_enabled:
            default: false
            description: Lock user after exceeded maximum allowed login attempts.
            required: false
            type: bool
          # Defaults to false: lockout is not enforced on the admin user.
          # NOTE(review): enabling it protects the admin login against password
          # guessing but also lets failed logins lock the admin out; decide per site.
          failed_lock_enforced_on_admin:
            default: false
            description: Enforce failed lockout on admin user.
            required: false
            type: bool
        type: dict
      # Controls locking of accounts that have not been used.
      inactivity_settings:
        description: Inactivity configuration.
        required: false
        suboptions:
          inactivity_threshold_days:
            default: 365
            description: Inactivity days to password expiration lockout, Valid values
              are 1-1827.
            required: false
            type: int
          # Defaults to false: unused accounts are not locked. Presumably
          # inactivity_threshold_days only matters once this is true; confirm.
          lock_unused_accounts_enabled:
            default: false
            description: Password lock unused accounts.
            required: false
            type: bool
        type: dict
      must_one_time_password_enabled:
        default: false
        description: Forces a user to change their password after it has been set via
          "User Management" (but not via "Self Password Change" or forced change at login).
          Use this command to set the value.
        required: false
        type: bool
      # NOTE(review): the stated range 60-604800 is identical to the seconds
      # range of failed_lock_duration_seconds and looks copied; confirm the
      # valid range in days. No default is documented for this option.
      password_expiration_days:
        description: Password expiration lifetime, Valid values are 60-604800.
        required: false
        type: int
      # No default is documented for this option.
      password_expiration_maximum_days_before_lock:
        description: Password expiration lockout in days, Valid values are 1-1827.
        required: false
        type: int
      password_expiration_warning_days:
        default: 7
        description: Number of days before a password expires that the user gets warned,
          Valid values are 1-366.
        required: false
        type: int
    type: dict

# Password reuse controls.
password_history:
    description: Password history configuration.
    required: false
    suboptions:
      # Defaults to false: the history check is off unless a playbook enables
      # it. Presumably repeated_history_length only applies once it is true; confirm.
      check_history_enabled:
        default: false
        description: Password history check.
        required: false
        type: bool
      # NOTE(review): no valid range is documented for this option.
      repeated_history_length:
        default: 10
        description: Password history length.
        required: false
        type: int
    type: dict

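# Password strength rules: complexity level, minimum length, palindrome check.
# The top-level description previously repeated the password_history text.
password_strength:
    description: Password strength configuration.
    required: false
    suboptions:
      # NOTE(review): what each level 1-4 requires is not documented here;
      # confirm against the Gaia documentation before relying on the default.
      complexity:
        default: 2
        description: Password complexity, Valid values are 1-4.
        required: false
        type: int
      # The default of 6 is the lowest accepted value and is below the
      # 8-character floor in NIST SP 800-63B; set it explicitly in playbooks.
      minimum_length:
        default: 6
        description: Password minimum length, Valid values are 6-128.
        required: false
        type: int
      palindrome_check_enabled:
        default: true
        description: Password palindrome check.
        required: false
        type: bool
    type: dict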

Outputs

# Return value of the module. The keys inside the dict are not documented on
# this page.
password_policy:
  description: The checkpoint object updated.
  returned: always.
  type: dict