Pwpolicy module
===============

Description
-----------

The pwpolicy module allows ensuring the presence and absence of pwpolicies.


Features
--------
* Pwpolicy management


Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipapwpolicy module.


Requirements
------------

**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
=====

Example inventory file

```ini
[ipaserver]
ipaserver.test.local
```


Example playbook to ensure presence of pwpolicies for existing group ops:

```yaml
---
- name: Playbook to handle pwpolicies
  hosts: ipaserver
  become: true

  tasks:
  - name: Ensure presence of pwpolicies for group ops
    ipapwpolicy:
      ipaadmin_password: SomeADMINpassword
      name: ops
      minlife: 7
      maxlife: 49
      history: 5
      priority: 1
      lockouttime: 300
      minlength: 8
      maxfail: 3
```

Example playbook to ensure absence of pwpolicies for group ops:

```yaml
---
- name: Playbook to handle pwpolicies
  hosts: ipaserver
  become: true

  tasks:
  # Ensure absence of pwpolicies for group ops
  - ipapwpolicy:
      ipaadmin_password: SomeADMINpassword
      name: ops
      state: absent
```

Example playbook to ensure maxlife is set to 49 in global policy:

```yaml
---
- name: Playbook to handle pwpolicies
  hosts: ipaserver
  become: true

  tasks:
  # Ensure maxlife is set to 49 in global policy
  - ipapwpolicy:
      ipaadmin_password: SomeADMINpassword
      maxlife: 49
```


Variables
=========

ipapwpolicy
-----------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The list of pwpolicy name strings. If name is not given, `global_policy` will be used automatically. | no
`maxlife` \| `krbmaxpwdlife` | Maximum password lifetime in days. (int) | no
`minlife` \| `krbminpwdlife` | Minimum password lifetime in hours. (int) | no
`history` \| `krbpwdhistorylength` | Password history size. (int) | no
`minclasses` \| `krbpwdmindiffchars` | Minimum number of character classes. (int) | no
`minlength` \| `krbpwdminlength` | Minimum length of password. (int) | no
`priority` \| `cospriority` | Priority of the policy, higher number means lower priority. (int) | no
`maxfail` \| `krbpwdmaxfailure` | Consecutive failures before lockout. (int) | no
`failinterval` \| `krbpwdfailurecountinterval` | Period after which failure count will be reset in seconds. (int) | no
`lockouttime` \| `krbpwdlockoutduration` | Period for which lockout is enforced in seconds. (int) | no
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | yes
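
The following playbook is an added example, not part of the original README or the project's own code. It sets the lockout and complexity variables from the table for the existing group ops, with each variable's unit noted, using constructed sample values. It assumes a hypothetical variable `ipaadmin_password_vault` that holds the admin password, for instance from an Ansible Vault encrypted vars file, instead of an inline string.

```yaml
---
- name: Playbook to handle pwpolicies
  hosts: ipaserver
  become: true

  tasks:
  # Added example: lockout and complexity settings for the existing group ops.
  - name: Ensure lockout and complexity policy for group ops
    ipapwpolicy:
      # Assumption: ipaadmin_password_vault is a hypothetical variable,
      # e.g. defined in an Ansible Vault encrypted vars file.
      ipaadmin_password: "{{ ipaadmin_password_vault }}"
      name: ops
      maxlife: 49          # days
      minlife: 7           # hours (not days)
      history: 5           # password history size
      minclasses: 3        # minimum number of character classes
      minlength: 12        # minimum password length
      priority: 1          # higher number means lower priority
      maxfail: 3           # consecutive failures before lockout
      failinterval: 600    # seconds until the failure count is reset
      lockouttime: 300     # seconds for which the lockout is enforced
      state: present
    no_log: true           # hide this task's arguments and results in output
```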


Authors
=======

Thomas Woerner