freeipa.ansible_freeipa.ipapwpolicy (1.8.4) — module

Manage FreeIPA pwpolicies

Authors: Thomas Woerner

preview | supported by community

Install collection

Install with:

  ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.8.4

Description

Manage FreeIPA pwpolicies

Usage examples

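# Ensure pwpolicy is set for ops
- freeipa.ansible_freeipa.ipapwpolicy:
    ipaadmin_password: SomeADMINpassword
    name: ops
    minlife: 7        # minimum password lifetime, in hours
    maxlife: 49       # maximum password lifetime, in days
    history: 5        # password history size
    priority: 1       # higher number means lower priority
    lockouttime: 300  # lockout period, in seconds
    minlength: 8      # minimum password length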
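
The following playbook is an added example, not part of the collection's documentation: it sets the lockout inputs listed under Inputs (maxfail, failinterval, lockouttime) together with minclasses, and reads the admin password from a vaulted variable instead of writing it into the task. The inventory group ipaserver, the variable name vault_ipaadmin_password and all numeric values are assumptions chosen for illustration.

```yaml
---
# Added example, not from the collection's documentation.
# Assumptions: inventory group "ipaserver", a vaulted variable named
# "vault_ipaadmin_password", and constructed numeric values.
- name: Manage the password policy for group ops
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
    - name: Ensure lockout and complexity settings for ops
      freeipa.ansible_freeipa.ipapwpolicy:
        # Pulled from Ansible Vault so the secret is not stored in the playbook
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: ops
        state: present
        minlength: 14        # minimum length of password
        minclasses: 3        # minimum number of character classes
        history: 10          # password history size
        minlife: 24          # minimum password lifetime, in hours
        maxlife: 90          # maximum password lifetime, in days
        maxfail: 5           # consecutive failures before lockout
        failinterval: 300    # seconds after which the failure count is reset
        lockouttime: 900     # seconds for which the lockout is enforced
        priority: 10         # higher number means lower priority
```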

Inputs

    
name:
    aliases:
    - cn
    description: The group name
    required: false

state:
    choices:
    - present
    - absent
    default: present
    description: State to ensure

history:
    aliases:
    - krbpwdhistorylength
    description: Password history size
    required: false
    type: int

maxfail:
    aliases:
    - krbpwdmaxfailure
    description: Consecutive failures before lockout
    required: false
    type: int

maxlife:
    aliases:
    - krbmaxpwdlife
    description: Maximum password lifetime (in days)
    required: false
    type: int

minlife:
    aliases:
    - krbminpwdlife
    description: Minimum password lifetime (in hours)
    required: false
    type: int

priority:
    aliases:
    - cospriority
    description: Priority of the policy (higher number means lower priority)
    required: false
    type: int

minlength:
    aliases:
    - krbpwdminlength
    description: Minimum length of password
    required: false
    type: int

minclasses:
    aliases:
    - krbpwdmindiffchars
    description: Minimum number of character classes
    required: false
    type: int

lockouttime:
    aliases:
    - krbpwdlockoutduration
    description: Period for which lockout is enforced (seconds)
    required: false
    type: int

failinterval:
    aliases:
    - krbpwdfailurecountinterval
    description: Period after which failure count will be reset (seconds)
    required: false
    type: int

ipaadmin_password:
    description: The admin password
    required: false

ipaadmin_principal:
    default: admin
    description: The admin principal