[Freeipa-devel] [freeipa PR#5160][opened] Add libpwquality checking to IPA password policy

URL: https://github.com/freeipa/freeipa/pull/5160 Author: rcritten Title: #5160: Add libpwquality checking to IPA password policy Action: opened PR body: """ This adds support for some of the libpwquality password checking features: * palindromes (automatic) * maximum number of repeats in a row * maximum number of monotonic sequences (abcde, 1234, etc) * check for username in the password * dict check via cracklib I attempted to retain backwards compatibility so didn't enable the character class evaluations. We could totally do this but it add six more knobs. I didn't enable the gecos check to avoid an nss lookup which would pass through a lot of libraries only to end up back at IPA :-) Note that pwquality has a minimum character limit of six which is different than IPA so a limit of six is enforced if any of the pwqualtiy values are set. I suspect the SELinux policy I wrote isn't awesome. TODO: finalize the IANA attributes and objectclasses values TODO: merge the test into another class or determine frequency to execute TODO: I'm open to ipa-next only """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5160/head:pr5160 git checkout pr5160