diff options
Diffstat (limited to 'ipalib/plugins/pwpolicy.py')
-rw-r--r-- | ipalib/plugins/pwpolicy.py | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py index e7cfab65..dbbb4713 100644 --- a/ipalib/plugins/pwpolicy.py +++ b/ipalib/plugins/pwpolicy.py @@ -19,29 +19,31 @@ """ Password policy -A password policy sets limitations on passwords including maximum lifetime, -minimum lifetime, number of passwords to save in history, number of character -classes required (for stronger passwords) and the password minimum length. - -By default there is a single global policy for all users. One can also -create a password policy associate with a group. A user has only one -password policy, either the group policy or the global policy. A group -policy stands alone, it isn't a super-set of the global policy plus +A password policy sets limitations on IPA passwords, including maximum +lifetime, minimum lifetime, the number of passwords to save in +history, the number of character classes required (for stronger passwords) +and the minimum password length. + +By default there is a single, global policy for all users. You can also +create a password policy to apply to a group. Each user is only subject +to one password policy, either the group policy or the global policy. A +group policy stands alone; it is not a super-set of the global policy plus custom settings. Each group password policy requires a unique priority setting. If a user -is in multiple groups that have password policies this priority determines -which password policy is applied. The lower the value the higher the priority. +is in multiple groups that have password policies, this priority determines +which password policy is applied. A lower value indicates a higher priority +policy. -A group password policy is automatically removed when the group it is -assicated with it is removed. +Group password policies are automatically removed when the groups they +are associated with are removed. EXAMPLES: - Update the global policy: + Modify the global policy: ipa pwpolicy-mod --minlength=10 - Create a group password policy: + Add a new group password policy: ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --minlength=8 --priority=10 localadmins Display the global password policy: @@ -49,11 +51,11 @@ EXAMPLES: Display a group password policy: ipa pwpolicy-show localadmins - + Display the policy that would be applied to a given user: ipa pwpolicy-show --user=tuser1 - Modify a group policy: + Modify a group password policy: ipa pwpolicy-mod --minclasses=2 localadmins """ @@ -266,7 +268,7 @@ api.register(pwpolicy) class pwpolicy_add(LDAPCreate): """ - Create new group password policy. + Add a new group password policy. """ def get_args(self): yield self.obj.primary_key.clone(attribute=True, required=True) @@ -295,7 +297,7 @@ api.register(pwpolicy_add) class pwpolicy_del(LDAPDelete): """ - Delete group password policy. + Delete a group password policy. """ def get_args(self): yield self.obj.primary_key.clone(attribute=True, required=True) @@ -312,7 +314,7 @@ api.register(pwpolicy_del) class pwpolicy_mod(LDAPUpdate): """ - Modify group password policy. + Modify a group password policy. """ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): self.obj.convert_time_on_input(entry_attrs) @@ -356,7 +358,7 @@ api.register(pwpolicy_mod) class pwpolicy_show(LDAPRetrieve): """ - Display group password policy. + Display information about password policy. """ takes_options = ( Str('user?', |