freeipa.ansible_freeipa.ipapwpolicy (1.11.1) — module

Manage FreeIPA pwpolicies

Authors: Thomas Woerner (@t-woerner), Rafael Guterres Jeffman (@rjeffman)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Manage FreeIPA pwpolicies

Usage examples

6
  • Warning
    Parameter 'minlife' coerced from 'int' to 'str' in module 'freeipa.ansible_freeipa.ipapwpolicy'. This may cause unexpected behaviour.
  • Warning
    Parameter 'maxlife' coerced from 'int' to 'str' in module 'freeipa.ansible_freeipa.ipapwpolicy'. This may cause unexpected behaviour.
  • Warning
    Parameter 'history' coerced from 'int' to 'str' in module 'freeipa.ansible_freeipa.ipapwpolicy'. This may cause unexpected behaviour.
  • Warning
    Parameter 'priority' coerced from 'int' to 'str' in module 'freeipa.ansible_freeipa.ipapwpolicy'. This may cause unexpected behaviour.
  • Warning
    Parameter 'lockouttime' coerced from 'int' to 'str' in module 'freeipa.ansible_freeipa.ipapwpolicy'. This may cause unexpected behaviour.
  • Warning
    Parameter 'minlength' coerced from 'int' to 'str' in module 'freeipa.ansible_freeipa.ipapwpolicy'. This may cause unexpected behaviour.
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure pwpolicy is set for ops
- freeipa.ansible_freeipa.ipapwpolicy:
    ipaadmin_password: SomeADMINpassword
    name: ops
    minlife: 7
    maxlife: 49
    history: 5
    priority: 1
    lockouttime: 300
    minlength: 8

Inputs

    
name:
    aliases:
    - cn
    description: The group name
    elements: str
    required: false
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description: State to ensure
    type: str

history:
    aliases:
    - krbpwdhistorylength
    description: Password history size. (int or "")
    required: false
    type: str

maxfail:
    aliases:
    - krbpwdmaxfailure
    description: Consecutive failures before lockout. (int or "")
    required: false
    type: str

maxlife:
    aliases:
    - krbmaxpwdlife
    description: Maximum password lifetime (in days). (int or "")
    required: false
    type: str

minlife:
    aliases:
    - krbminpwdlife
    description: Minimum password lifetime (in hours). (int or "")
    required: false
    type: str

priority:
    aliases:
    - cospriority
    description: 'Priority of the policy (higher number means lower priority). (int or
      "")

      '
    required: false
    type: str

dictcheck:
    aliases:
    - ipapwdictcheck
    description: 'Check if the password is a dictionary word. Requires IPA 4.9+. (bool
      or "")

      '
    required: false
    type: str

maxrepeat:
    aliases:
    - ipapwdmaxrepeat
    description: 'Maximum number of same consecutive characters. Requires IPA 4.9+. (int
      or "")

      '
    required: false
    type: str

minlength:
    aliases:
    - krbpwdminlength
    description: Minimum length of password. (int or "")
    required: false
    type: str

usercheck:
    aliases:
    - ipapwdusercheck
    description: 'Check if the password contains the username. Requires IPA 4.9+. (bool
      or "")

      '
    required: false
    type: str

gracelimit:
    aliases:
    - passwordgracelimit
    description: 'Number of LDAP authentications allowed after expiration. Requires IPA
      4.10.1+. (int or "")

      '
    required: false
    type: str

minclasses:
    aliases:
    - krbpwdmindiffchars
    description: Minimum number of character classes. (int or "")
    required: false
    type: str

lockouttime:
    aliases:
    - krbpwdlockoutduration
    description: Period for which lockout is enforced (seconds). (int or "")
    required: false
    type: str

maxsequence:
    aliases:
    - ipapwdmaxsequence
    description: 'The maximum length of monotonic character sequences (abcd). Requires
      IPA 4.9+. (int or "")

      '
    required: false
    type: str

failinterval:
    aliases:
    - krbpwdfailurecountinterval
    description: 'Period after which failure count will be reset (seconds). (int or "")

      '
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided context will be

      determined by the execution environment.

      '
    required: false
    type: str

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str