Title: #5160: Add libpwquality checking to IPA password policy
This adds support for some of the libpwquality password checking features:
* palindromes (automatic)
* maximum number of repeats in a row
* maximum number of monotonic sequences (abcde, 1234, etc)
* check for username in the password
* dict check via cracklib
I attempted to retain backwards compatibility so didn't enable the character class
evaluations. We could totally do this but it add six more knobs.
I didn't enable the gecos check to avoid an nss lookup which would pass through a lot
of libraries only to end up back at IPA :-)
Note that pwquality has a minimum character limit of six which is different than IPA so a
limit of six is enforced if any of the pwqualtiy values are set.
I suspect the SELinux policy I wrote isn't awesome.
TODO: finalize the IANA attributes and objectclasses values
TODO: merge the test into another class or determine frequency to execute
TODO: I'm open to ipa-next only
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5160/head:pr5160
git checkout pr5160