mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
New pwpolicy management module
There is a new pwpolicy management module placed in the plugins folder: plugins/modules/ipapwpolicy.py The pwpolicy module allows to ensure presence and absence of pwpolicies for groups. Here is the documentation for the module: README-pwpolicy.md New example playbooks have been added: playbooks/pwpolicy/pwpolicy_absent.yml playbooks/pwpolicy/pwpolicy_present.yml New tests added for pwpolicy: tests/pwpolicy/test_pwpolicy.yml
This commit is contained in:
Thomas Woerner
102
README-pwpolicy.md
Normal file
102
README-pwpolicy.md
Normal file
@@ -0,0 +1,102 @@
|
||||
Pwpolicy module
|
||||
===============
|
||||
|
||||
Description
|
||||
-----------
|
||||
|
||||
The pwpolicy module allows to ensure presence and absence of pwpolicies.
|
||||
|
||||
|
||||
Features
|
||||
--------
|
||||
* Pwpolicy management
|
||||
|
||||
|
||||
Supported FreeIPA Versions
|
||||
--------------------------
|
||||
|
||||
FreeIPA versions 4.4.0 and up are supported by the ipapwpolicy module.
|
||||
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
**Controller**
|
||||
* Ansible version: 2.8+
|
||||
|
||||
**Node**
|
||||
* Supported FreeIPA version (see above)
|
||||
|
||||
|
||||
Usage
|
||||
=====
|
||||
|
||||
Example inventory file
|
||||
|
||||
```ini
|
||||
[ipaserver]
|
||||
ipaserver.test.local
|
||||
```
|
||||
|
||||
|
||||
Example playbook to ensure presence of pwpolicies for exisiting group ops:
|
||||
|
||||
```yaml
|
||||
tasks:
|
||||
- name: Ensure presence of pwpolicies for group ops
|
||||
ipapwpolicy:
|
||||
ipaadmin_password: MyPassword123
|
||||
name: ops
|
||||
minlife: 7
|
||||
maxlife: 49
|
||||
history: 5
|
||||
priority: 1
|
||||
lockouttime: 300
|
||||
minlength: 8
|
||||
maxfail: 3
|
||||
```
|
||||
|
||||
Example playbook to ensure absence of pwpolicies for group ops
|
||||
|
||||
```yaml
|
||||
---
|
||||
- name: Playbook to handle pwpolicies
|
||||
hosts: ipaserver
|
||||
become: true
|
||||
|
||||
tasks:
|
||||
# Ensure absence of pwpolicies for group ops
|
||||
- ipapwpolicy:
|
||||
ipaadmin_password: MyPassword123
|
||||
name: ops
|
||||
state: absent
|
||||
```
|
||||
|
||||
|
||||
Variables
|
||||
=========
|
||||
|
||||
ipapwpolicy
|
||||
-------
|
||||
|
||||
Variable | Description | Required
|
||||
-------- | ----------- | --------
|
||||
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
|
||||
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
|
||||
`name` \| `cn` | The list of pwpolicy name strings. | no
|
||||
`maxlife` \| `krbmaxpwdlife` | Maximum password lifetime in days. (int) | no
|
||||
`minlife` \| `krbminpwdlife` | Minimum password lifetime in hours. (int) | no
|
||||
`history` \| `krbpwdhistorylength` | Password history size. (int) | no
|
||||
`minclasses` \| `krbpwdmindiffchars` | Minimum number of character classes. (int) | no
|
||||
`minlength` \| `krbpwdminlength` | Minimum length of password. (int) | no
|
||||
`priority` \| `cospriority` | Priority of the policy, higher number means lower priority. (int) | no
|
||||
`maxfail` \| `krbpwdmaxfailure` | Consecutive failures before lockout. (int) | no
|
||||
`failinterval` \| `krbpwdfailurecountinterval` | Period after which failure count will be reset in seconds. (int) | no
|
||||
`lockouttime` \| `krbpwdlockoutduration` | Period for which lockout is enforced in seconds. (int) | no
|
||||
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | yes
|
||||
|
||||
|
||||
Authors
|
||||
=======
|
||||
|
||||
Thomas Woerner
|
||||
Reference in New Issue
Block a user