linux-system-roles.pam_pwd

pam_pwd


This role sets up PAM (Pluggable Authentication Modules) to enforce a password policy. This includes rules like minimum password length, complexity requirements, and keeping a history of old passwords. It works on the following systems:

  • Fedora 35 and newer
  • RHEL 7, 8, and 9 Beta
  • CentOS 7
  • CentOS Stream 8 and 9

The role has been tested with these Ansible versions:

  • ansible-core 2.11
  • ansible-core 2.12

To use this role, you need to define the role's variables, explained below.

Requirements

None.

Role Variables

Below are the variables you can set for this role, which are all listed in defaults/main.yml. The code block shows the default values for each variable.

pam_pwd_minlen: "12" # Minimum length for a password.
pam_pwd_history: "5" # Number of previous passwords that cannot be reused.
pam_pwd_dcredit: "-1" # Digit requirement; a negative value is the minimum count (-1 = at least one digit).
pam_pwd_ucredit: "-1" # Uppercase-letter requirement; a negative value is the minimum count.
pam_pwd_lcredit: "-1" # Lowercase-letter requirement; a negative value is the minimum count.
pam_pwd_ocredit: "-1" # Special-character requirement; a negative value is the minimum count.
pam_pwd_minclass: "4" # Minimum number of character types required in a new password.
pam_pwd_enforce_root: "enforce_for_root" # Whether to enforce password complexity for the root user.
pam_pwd_policy_name: "password-policy" # Name of the custom authselect profile for RHEL 8 only.
pam_pwd_deny: "5" # Number of failed login attempts before locking the account.
pam_pwd_unlock_time: "300" # Time in seconds before the locked account can be accessed again.

You can keep these default values if they work for you, or change them by specifying some or all of them in files like vars/main.yml, group_vars/, host_vars/, or your playbook.
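
The following Python sketch is an added example, not part of the role. It shows how the length, credit and minclass defaults above combine when a new password is checked, assuming the variables map onto the pam_pwquality options of the same name. The function name, the sample passwords and the simplified model (no dictionary or similarity checks) are constructed for illustration.

```python
# Role defaults from defaults/main.yml (strings there, integers here).
POLICY = {"minlen": 12, "dcredit": -1, "ucredit": -1,
          "lcredit": -1, "ocredit": -1, "minclass": 4}

# Character classes as pam_pwquality counts them: anything that is not a
# digit or a letter falls into the "other" (special) class.
CLASSES = {
    "dcredit": ("digit", str.isdigit),
    "ucredit": ("uppercase", str.isupper),
    "lcredit": ("lowercase", str.islower),
    "ocredit": ("special", lambda c: not c.isalnum()),
}


def check_password(password, policy=POLICY):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    required_len = policy["minlen"]
    classes_used = 0
    for key, (label, belongs) in CLASSES.items():
        count = sum(1 for c in password if belongs(c))
        classes_used += count > 0
        credit = policy[key]
        if credit < 0:
            # Negative credit: hard minimum number of characters of this class.
            if count < -credit:
                problems.append(f"needs at least {-credit} {label} character(s)")
        else:
            # Non-negative credit: each such character, up to the credit,
            # lowers the length the password has to reach.
            required_len -= min(count, credit)
    if len(password) < required_len:
        problems.append(f"shorter than {required_len} characters")
    if classes_used < policy["minclass"]:
        problems.append(
            f"uses {classes_used} of {policy['minclass']} required character classes")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("Tr1cky-Passphrase", "alllowercaseletters", "Ab1!"):
        print(candidate, "->", check_password(candidate) or "compliant")
```

With the defaults, all four credits are negative, so no character earns a length discount and the password must be at least 12 characters long in addition to containing one character of every class.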

Example Playbook

Here’s the simplest playbook to run this role:

- name: Manage pam password
  hosts: all
  roles:
    - linux-system-roles.pam_pwd

You can find more examples in the examples/ directory.

License

MIT.

Author Information

Author: Joerg Kastning
Contact: joerg.kastning@uni-bielefeld.de

Project information

Configures PAM to implement a password policy

Install
ansible-galaxy install linux-system-roles.pam_pwd