freeipa.ansible_freeipa.ipapwpolicy (1.11.1) — module

Manage FreeIPA pwpolicies

Authors: Thomas Woerner (@t-woerner), Rafael Guterres Jeffman (@rjeffman)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Exact version pin: installs from this requirements file resolve to this
  # release only, which keeps collection installs reproducible.
  collections:
    - name: freeipa.ansible_freeipa
      version: "1.11.1"

Description

Manage FreeIPA pwpolicies

Usage examples

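# Ensure pwpolicy is set for ops
# The admin password is read from a variable: define `ipaadmin_password` in an
# Ansible Vault-encrypted vars file (or another secret store) instead of
# writing the literal value into the playbook.
- freeipa.ansible_freeipa.ipapwpolicy:
    ipaadmin_password: "{{ ipaadmin_password }}"
    name: ops
    # minlife is in hours, maxlife is in days (see Inputs).
    minlife: 7
    maxlife: 49
    history: 5
    priority: 1
    # lockouttime is the lockout duration in seconds; the failure threshold
    # (maxfail) and the counter reset window (failinterval) are not set here.
    lockouttime: 300
    minlength: 8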

Inputs

    
# Group name(s) the policy is managed for: a list of strings, `cn` is an alias.
# NOTE(review): not required. Confirm in the module documentation which policy
# is modified when `name` is omitted before running this against production.
name:
    description: The group name
    type: list
    elements: str
    required: false
    aliases:
        - cn

# Target state for the policy; defaults to `present`.
state:
    description: State to ensure
    type: str
    default: present
    choices:
        - present
        - absent

# Size of the password history (alias: krbpwdhistorylength).
# Declared as str because the documented value is an integer or the empty
# string. NOTE(review): presumably "" clears the setting; confirm.
history:
    description: 'Password history size. (int or "")'
    type: str
    required: false
    aliases:
        - krbpwdhistorylength

# Lockout threshold: consecutive failures before lockout.
# Related settings on this page: failinterval (failure-count reset period) and
# lockouttime (how long the lockout is enforced).
maxfail:
    description: 'Consecutive failures before lockout. (int or "")'
    type: str
    required: false
    aliases:
        - krbpwdmaxfailure

# Maximum password lifetime. The unit is days, whereas minlife is in hours.
maxlife:
    description: 'Maximum password lifetime (in days). (int or "")'
    type: str
    required: false
    aliases:
        - krbmaxpwdlife

# Minimum password lifetime. The unit is hours, whereas maxlife is in days.
minlife:
    description: 'Minimum password lifetime (in hours). (int or "")'
    type: str
    required: false
    aliases:
        - krbminpwdlife

# Policy priority; a higher number means a lower priority.
# NOTE(review): presumably this decides which policy applies when a user
# matches more than one group policy; confirm against the FreeIPA docs.
priority:
    description: >
        Priority of the policy (higher number means lower priority).
        (int or "")
    type: str
    required: false
    aliases:
        - cospriority

# Dictionary-word check on new passwords; documented as requiring IPA 4.9+.
# NOTE(review): verify the server version before relying on this control.
dictcheck:
    description: >
        Check if the password is a dictionary word. Requires IPA 4.9+.
        (bool or "")
    type: str
    required: false
    aliases:
        - ipapwdictcheck

# Cap on runs of the same character; documented as requiring IPA 4.9+.
# NOTE(review): verify the server version before relying on this control.
maxrepeat:
    description: >
        Maximum number of same consecutive characters. Requires IPA 4.9+.
        (int or "")
    type: str
    required: false
    aliases:
        - ipapwdmaxrepeat

# Minimum password length.
# Length is one control among several: dictcheck, usercheck, maxrepeat and
# maxsequence on this page add content checks (documented for IPA 4.9+).
minlength:
    description: 'Minimum length of password. (int or "")'
    type: str
    required: false
    aliases:
        - krbpwdminlength

# Rejects passwords that contain the username; documented as requiring
# IPA 4.9+.
# NOTE(review): verify the server version before relying on this control.
usercheck:
    description: >
        Check if the password contains the username. Requires IPA 4.9+.
        (bool or "")
    type: str
    required: false
    aliases:
        - ipapwdusercheck

# Number of LDAP authentications still allowed after the password has expired
# (documented for IPA 4.10.1+). While the limit is not used up, an expired
# password keeps working for LDAP authentication, so size it deliberately.
gracelimit:
    description: >
        Number of LDAP authentications allowed after expiration.
        Requires IPA 4.10.1+. (int or "")
    type: str
    required: false
    aliases:
        - passwordgracelimit

# Minimum number of character classes (alias: krbpwdmindiffchars).
minclasses:
    description: 'Minimum number of character classes. (int or "")'
    type: str
    required: false
    aliases:
        - krbpwdmindiffchars

# How long a lockout is enforced, in seconds. The threshold that triggers the
# lockout is maxfail, documented on this page.
lockouttime:
    description: 'Period for which lockout is enforced (seconds). (int or "")'
    type: str
    required: false
    aliases:
        - krbpwdlockoutduration

# Cap on monotonic character sequences such as "abcd"; documented as requiring
# IPA 4.9+.
# NOTE(review): verify the server version before relying on this control.
maxsequence:
    description: >
        The maximum length of monotonic character sequences (abcd).
        Requires IPA 4.9+. (int or "")
    type: str
    required: false
    aliases:
        - ipapwdmaxsequence

# Period, in seconds, after which the failure count is reset; pairs with
# maxfail (consecutive failures before lockout).
failinterval:
    description: >
        Period after which failure count will be reset (seconds). (int or "")
    type: str
    required: false
    aliases:
        - krbpwdfailurecountinterval

# Where the module executes: `server` or `client`. Per the description, server
# is preferred and the context is derived from the execution environment when
# the option is not given.
ipaapi_context:
    description: |
        The context in which the module will execute. Executing in a
        server context is preferred. If not provided context will be
        determined by the execution environment.
    type: str
    required: false
    choices:
        - server
        - client

# Secret value: supply it from Ansible Vault or another secret store rather
# than as a literal in a playbook or inventory kept in version control.
# NOTE(review): this listing does not show whether the option is masked in
# task output and logs; confirm in the module source.
ipaadmin_password:
    type: str
    required: false
    description: The admin password.

# Toggles the LDAP cache for the IPA connection; enabled by default.
ipaapi_ldap_cache:
    description: Use LDAP cache for IPA connection.
    type: bool
    default: true

# Principal used for the administrative connection; defaults to `admin`.
# NOTE(review): consider a dedicated principal limited to password-policy
# management instead of the default admin. Confirm which permissions the
# module needs.
ipaadmin_principal:
    description: The admin principal.
    type: str
    default: admin