freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipapwpolicy Manage FreeIPA pwpolicies Authors: Thomas Woerner (@t-woerner), Rafael Guterres Jeffman (@rjeffman) preview | supported by communityfreeipa.ansible_freeipa.ipapwpolicy (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections: - name: freeipa.ansible_freeipa version: 1.11.1
Manage FreeIPA pwpolicies
# Ensure pwpolicy is set for ops - freeipa.ansible_freeipa.ipapwpolicy: ipaadmin_password: SomeADMINpassword name: ops minlife: 7 maxlife: 49 history: 5 priority: 1 lockouttime: 300 minlength: 8
name: aliases: - cn description: The group name elements: str required: false type: list state: choices: - present - absent default: present description: State to ensure type: str history: aliases: - krbpwdhistorylength description: Password history size. (int or "") required: false type: str maxfail: aliases: - krbpwdmaxfailure description: Consecutive failures before lockout. (int or "") required: false type: str maxlife: aliases: - krbmaxpwdlife description: Maximum password lifetime (in days). (int or "") required: false type: str minlife: aliases: - krbminpwdlife description: Minimum password lifetime (in hours). (int or "") required: false type: str priority: aliases: - cospriority description: 'Priority of the policy (higher number means lower priority). (int or "") ' required: false type: str dictcheck: aliases: - ipapwdictcheck description: 'Check if the password is a dictionary word. Requires IPA 4.9+. (bool or "") ' required: false type: str maxrepeat: aliases: - ipapwdmaxrepeat description: 'Maximum number of same consecutive characters. Requires IPA 4.9+. (int or "") ' required: false type: str minlength: aliases: - krbpwdminlength description: Minimum length of password. (int or "") required: false type: str usercheck: aliases: - ipapwdusercheck description: 'Check if the password contains the username. Requires IPA 4.9+. (bool or "") ' required: false type: str gracelimit: aliases: - passwordgracelimit description: 'Number of LDAP authentications allowed after expiration. Requires IPA 4.10.1+. (int or "") ' required: false type: str minclasses: aliases: - krbpwdmindiffchars description: Minimum number of character classes. (int or "") required: false type: str lockouttime: aliases: - krbpwdlockoutduration description: Period for which lockout is enforced (seconds). (int or "") required: false type: str maxsequence: aliases: - ipapwdmaxsequence description: 'The maximum length of monotonic character sequences (abcd). Requires IPA 4.9+. (int or "") ' required: false type: str failinterval: aliases: - krbpwdfailurecountinterval description: 'Period after which failure count will be reset (seconds). (int or "") ' required: false type: str ipaapi_context: choices: - server - client description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. ' required: false type: str ipaadmin_password: description: The admin password. required: false type: str ipaapi_ldap_cache: default: true description: Use LDAP cache for IPA connection. type: bool ipaadmin_principal: default: admin description: The admin principal. type: str