How/where can I have puppet set the freeipa password policy

asked 2017-01-27 09:50:00 -0500

bbraml gravatar image

updated 2017-01-27 09:50:43 -0500

I know how to set the policy from the gui and command line, but I can't find how and where to have puppet set the password policy for my FreeIPA. Here is my global policy command.

ipa pwpolicy-add --minlength=6 --minclasses=3 --maxlife=60 --minlife=24 --maxfail=3 --failinterval=3600 --lockouttime=3600 --priority=20

any help is much appreciated.

edit retag flag offensive close merge delete

Comments

Since there's no native puppet resource type for this, you can utilize the [exec resource type](https://docs.puppet.com/puppet/4.8/types/exec.html) (with a proper condition). Also, a `puppet module search freeipa` may reveal some interesting modules.

Kai Burghardt gravatar imageKai Burghardt ( 2017-01-28 04:48:43 -0500 )edit

The other option is to write a custom type that wraps using the ipa commands to properly query/verify state, and ensure the correct changes. It requires getting a bit down and dirty with ruby. https://docs.puppet.com/guides/custom_types.html

DarylW gravatar imageDarylW ( 2017-01-29 20:48:18 -0500 )edit