Add policy Kerberos

guadaltech · Apr 2, 2020 · ada1aca · ada1aca
1 parent 164fd9c
commit ada1aca
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/Vagrantfile b/Vagrantfile
@@ -18,7 +18,7 @@ $vm_cpus = 1
 $vm_memory = 1024
 $vm_gui = false
 $exec_ansible = false
-$subnet_private = "10.45.10"
+$subnet_private = "192.168.33"
 $subnet_public = "10.80.1"
 $bridge = "enp2s0f1"
 

diff --git a/roles/kerberos/defaults/main.yml b/roles/kerberos/defaults/main.yml
@@ -5,6 +5,17 @@ kdc_port: 88
 kdc_conf_path: /etc/krb5kdc/kdc.conf
 kadm5_acl_path: /etc/krb5kdc/kadm5.acl
 
+# Passwd policy
+maxlife: "3 months"
+minlife: "1 months"
+minlength: 8
+minclasses: 4
+history: 12
+maxfailure: 15
+failurecountinterval: "2 hours"
+lockoutduration: "30 minutes"
+policy_name: "default"
+
 units:
   - krb5-kdc
   - krb5-admin-server
diff --git a/roles/kerberos/tasks/install_kerberos.yml b/roles/kerberos/tasks/install_kerberos.yml
@@ -50,6 +50,9 @@
 - name: Create an admin for administering Kerberos server
   shell: kadmin.local -q "addprinc -pw {{ kadmin_pass }} {{ kadmin_user }}/admin"
 
+- name: Create default password policy
+  shell: kadmin.local -q "add_policy -maxlife \"{{ maxlife }}\" -minlife \"{{ minlife }}\" -minlength {{ minlength }} -minclasses {{ minclasses }} -history {{ history }} -maxfailure {{ maxfailure }} -failurecountinterval \"{{ failurecountinterval }}\" -lockoutduration \"{{ lockoutduration }}\" {{ policy_name }}"
+
 - name: Copy blksmanager
   copy:
     src: "{{ role_path }}/files/blksmanager"