    b3fd3a51
    New pwpolicy management module · b3fd3a51
    Thomas Woerner authored
    There is a new pwpolicy management module placed in the plugins folder:
    
      plugins/modules/ipapwpolicy.py
    
    The pwpolicy module allows to ensure presence and absence of pwpolicies for
    groups.
    
    Here is the documentation for the module:
    
      README-pwpolicy.md
    
    New example playbooks have been added:
    
      playbooks/pwpolicy/pwpolicy_absent.yml
      playbooks/pwpolicy/pwpolicy_present.yml
    
    New tests added for pwpolicy:
    
      tests/pwpolicy/test_pwpolicy.yml

Pwpolicy module

Description

The pwpolicy module ensures the presence or absence of pwpolicies.

Features

  • Pwpolicy management

Supported FreeIPA Versions

FreeIPA versions 4.4.0 and up are supported by the ipapwpolicy module.

Requirements

Controller

  • Ansible version: 2.8+

Node

  • Supported FreeIPA version (see above)

Usage

Example inventory file

[ipaserver]
ipaserver.test.local

Example playbook to ensure presence of pwpolicies for existing group ops:

---
- name: Playbook to handle pwpolicies
  hosts: ipaserver
  become: true

  tasks:
  - name: Ensure presence of pwpolicies for group ops
    ipapwpolicy:
      ipaadmin_password: MyPassword123
      name: ops
      minlife: 7        # hours
      maxlife: 49       # days
      history: 5
      priority: 1
      lockouttime: 300  # seconds
      minlength: 8
      maxfail: 3

Example playbook to ensure absence of pwpolicies for group ops:

---
- name: Playbook to handle pwpolicies
  hosts: ipaserver
  become: true

  tasks:
  # Ensure absence of pwpolicies for group ops
  - ipapwpolicy:
      ipaadmin_password: MyPassword123
      name: ops
      state: absent

Variables

ipapwpolicy

| Variable | Description | Required |
| --- | --- | --- |
| ipaadmin_principal | The admin principal is a string and defaults to admin | no |
| ipaadmin_password | The admin password is a string and is required if there is no admin ticket available on the node | no |
| name \| cn | The list of pwpolicy name strings. | no |
| maxlife \| krbmaxpwdlife | Maximum password lifetime in days. (int) | no |
| minlife \| krbminpwdlife | Minimum password lifetime in hours. (int) | no |
| history \| krbpwdhistorylength | Password history size. (int) | no |
| minclasses \| krbpwdmindiffchars | Minimum number of character classes. (int) | no |
| minlength \| krbpwdminlength | Minimum length of password. (int) | no |
| priority \| cospriority | Priority of the policy, higher number means lower priority. (int) | no |
| maxfail \| krbpwdmaxfailure | Consecutive failures before lockout. (int) | no |
| failinterval \| krbpwdfailurecountinterval | Period after which failure count will be reset in seconds. (int) | no |
| lockouttime \| krbpwdlockoutduration | Period for which lockout is enforced in seconds. (int) | no |
| state | The state to ensure. It can be one of present or absent, default: present. | yes |
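
The variables above mix units (maxlife in days, minlife in hours, the lockout timers in seconds), which is easy to get wrong in a playbook. The following pre-flight check is an added example, not code from the ipapwpolicy module or the project; `lint_pwpolicy`, the sample dictionaries and the `vault_ipaadmin_password` variable name are hypothetical, and the rules on negative values and literal passwords are this lint's own assumptions.

```python
# Added example: pre-flight lint for ipapwpolicy task arguments.
# Not part of the module; all names defined here are hypothetical.

# Integer variables and their units, as listed in the Variables table.
INT_VARS = {
    "maxlife": "days", "minlife": "hours", "history": "passwords",
    "minclasses": "character classes", "minlength": "characters",
    "priority": "rank", "maxfail": "failures",
    "failinterval": "seconds", "lockouttime": "seconds",
}
OTHER_VARS = {"ipaadmin_principal", "ipaadmin_password", "name", "state"}


def _is_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def lint_pwpolicy(args):
    """Return a list of findings for one ipapwpolicy argument dict."""
    findings = []
    for key in sorted(set(args) - set(INT_VARS) - OTHER_VARS):
        findings.append(f"{key}: not a documented variable")
    # Assumption of this lint: negative values are never intended.
    for key, unit in INT_VARS.items():
        if key in args and not (_is_int(args[key]) and args[key] >= 0):
            findings.append(f"{key}: expected a non-negative int ({unit})")
    if args.get("state", "present") not in ("present", "absent"):
        findings.append("state: must be present or absent")
    # minlife is in hours and maxlife in days: compare in a common unit.
    minlife, maxlife = args.get("minlife"), args.get("maxlife")
    if _is_int(minlife) and _is_int(maxlife) and minlife > maxlife * 24:
        findings.append("minlife: exceeds maxlife once both are in hours")
    # A literal admin password is stored wherever the playbook is stored.
    password = args.get("ipaadmin_password")
    if isinstance(password, str) and "{{" not in password:
        findings.append("ipaadmin_password: literal value, use a vaulted variable")
    return findings


# Constructed inputs: the README's "present" task, and a faulty variant.
README_TASK = {"ipaadmin_password": "MyPassword123", "name": "ops",
               "minlife": 7, "maxlife": 49, "history": 5, "priority": 1,
               "lockouttime": 300, "minlength": 8, "maxfail": 3}
FAULTY_TASK = {"ipaadmin_password": "{{ vault_ipaadmin_password }}",
               "name": "ops", "minlife": 48, "maxlife": 1,
               "lockouttime": "300", "maxlen": 12}

if __name__ == "__main__":
    for task in (README_TASK, FAULTY_TASK):
        print(lint_pwpolicy(task) or "no findings")
```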

Authors

Thomas Woerner