From ada1aca4461871e2e16d6d9f17ae1f797b457a33 Mon Sep 17 00:00:00 2001
From: tedezed
Date: Thu, 2 Apr 2020 17:04:03 +0200
Subject: [PATCH] Add policy Kerberos
---
 Vagrantfile | 2 +-
 roles/kerberos/defaults/main.yml | 11 +++++++++++
 roles/kerberos/tasks/install_kerberos.yml | 3 +++
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/Vagrantfile b/Vagrantfile
index 1c5b837..f0de3f5 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -18,7 +18,7 @@ $vm_cpus = 1
 $vm_memory = 1024
 $vm_gui = false
 $exec_ansible = false
-$subnet_private = "10.45.10"
+$subnet_private = "192.168.33"
 $subnet_public = "10.80.1"
 $bridge = "enp2s0f1"

diff --git a/roles/kerberos/defaults/main.yml b/roles/kerberos/defaults/main.yml
index 27a99e9..176a34f 100644
--- a/roles/kerberos/defaults/main.yml
+++ b/roles/kerberos/defaults/main.yml
@@ -5,6 +5,17 @@ kdc_port: 88
 kdc_conf_path: /etc/krb5kdc/kdc.conf
 kadm5_acl_path: /etc/krb5kdc/kadm5.acl

+# Passwd policy
+maxlife: "3 months"
+minlife: "1 months"
+minlength: 8
+minclasses: 4
+history: 12
+maxfailure: 15
+failurecountinterval: "2 hours"
+lockoutduration: "30 minutes"
+policy_name: "default"
+
 units:
 - krb5-kdc
 - krb5-admin-server
\ No newline at end of file
diff --git a/roles/kerberos/tasks/install_kerberos.yml b/roles/kerberos/tasks/install_kerberos.yml
index 40afa8a..40e20e8 100644
--- a/roles/kerberos/tasks/install_kerberos.yml
+++ b/roles/kerberos/tasks/install_kerberos.yml
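Review bot: The new defaults in roles/kerberos/defaults/main.yml use bare names such as `history`, `maxlife`, `minlength` and `policy_name`. Role defaults share one variable namespace with the rest of the play, so an inventory or another role defining the same name would silently change the Kerberos password policy; a role prefix such as `kerberos_policy_minlength: 8` avoids that. Separately, `minlife: "1 months"` appears to stop a user changing their own password for a month after each change, including when they suspect it has been exposed. If the aim is only to stop cycling through `history: 12`, a much shorter minimum would do; please confirm the month is intended.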
@@ -50,6 +50,9 @@
 - name: Create an admin for administering Kerberos server
 shell: kadmin.local -q "addprinc -pw {{ kadmin_pass }} {{ kadmin_user }}/admin"

+- name: Create default password policy
+ shell: kadmin.local -q "add_policy -maxlife \"{{ maxlife }}\" -minlife \"{{ minlife }}\" -minlength {{ minlength }} -minclasses {{ minclasses }} -history {{ history }} -maxfailure {{ maxfailure }} -failurecountinterval \"{{ failurecountinterval }}\" -lockoutduration \"{{ lockoutduration }}\" {{ policy_name }}"
+
 - name: Copy blksmanager
 copy:
 src: "{{ role_path }}/files/blksmanager"
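Review bot: The policy task is added after "Create an admin for administering Kerberos server", so the admin principal is created before any policy exists. As far as I know kadmin only attaches a policy named `default` to principals created while that policy exists, which would leave `{{ kadmin_user }}/admin` outside the lockout and history rules. Either move this task above the `addprinc` task or attach the policy explicitly, e.g. `kadmin.local -q "modprinc -policy {{ policy_name }} {{ kadmin_user }}/admin"`. The `shell` call also re-runs `add_policy` on every play and always reports changed; guarding it with a preceding `get_policy {{ policy_name }}` check would make it idempotent, and passing the templated values through the `quote` filter would keep a stray quote in a variable from breaking the `-q` string. The task list continues outside this hunk.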