Diffstat (limited to 'ipalib/plugins/pwpolicy.py')
-rw-r--r--ipalib/plugins/pwpolicy.py42
1 files changed, 22 insertions, 20 deletions
diff --git a/ipalib/plugins/pwpolicy.py b/ipalib/plugins/pwpolicy.py
index e7cfab65..dbbb4713 100644
--- a/ipalib/plugins/pwpolicy.py
+++ b/ipalib/plugins/pwpolicy.py
@@ -19,29 +19,31 @@
"""
Password policy
-A password policy sets limitations on passwords including maximum lifetime,
-minimum lifetime, number of passwords to save in history, number of character
-classes required (for stronger passwords) and the password minimum length.
-
-By default there is a single global policy for all users. One can also
-create a password policy associate with a group. A user has only one
-password policy, either the group policy or the global policy. A group
-policy stands alone, it isn't a super-set of the global policy plus
+A password policy sets limitations on IPA passwords, including maximum
+lifetime, minimum lifetime, the number of passwords to save in
+history, the number of character classes required (for stronger passwords)
+and the minimum password length.
+
+By default there is a single, global policy for all users. You can also
+create a password policy to apply to a group. Each user is only subject
+to one password policy, either the group policy or the global policy. A
+group policy stands alone; it is not a super-set of the global policy plus
custom settings.
Each group password policy requires a unique priority setting. If a user
-is in multiple groups that have password policies this priority determines
-which password policy is applied. The lower the value the higher the priority.
+is in multiple groups that have password policies, this priority determines
+which password policy is applied. A lower value indicates a higher priority
+policy.
-A group password policy is automatically removed when the group it is
-assicated with it is removed.
+Group password policies are automatically removed when the groups they
+are associated with are removed.
EXAMPLES:
- Update the global policy:
+ Modify the global policy:
ipa pwpolicy-mod --minlength=10
- Create a group password policy:
+ Add a new group password policy:
ipa pwpolicy-add --maxlife=90 --minlife=1 --history=10 --minclasses=3 --minlength=8 --priority=10 localadmins
Display the global password policy:
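Review bot: The examples pair a global policy of `--minlength=10` with a `localadmins` group policy of `--minlength=8`, while the text above states that a group policy stands alone and a user is subject to only one policy. Read in order, the sample leaves the admin group with a shorter minimum length than everyone else, which is probably not what the example means to teach. Consider making the `pwpolicy-add` example at least as strict as the global one (e.g. `--minlength=10`) and adding a sentence such as `Settings in the global policy do not apply to users covered by a group policy.` The docstring continues past this hunk.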
@@ -49,11 +51,11 @@ EXAMPLES:
Display a group password policy:
ipa pwpolicy-show localadmins
-
+
Display the policy that would be applied to a given user:
ipa pwpolicy-show --user=tuser1
- Modify a group policy:
+ Modify a group password policy:
ipa pwpolicy-mod --minclasses=2 localadmins
"""
@@ -266,7 +268,7 @@ api.register(pwpolicy)
class pwpolicy_add(LDAPCreate):
"""
- Create new group password policy.
+ Add a new group password policy.
"""
def get_args(self):
yield self.obj.primary_key.clone(attribute=True, required=True)
@@ -295,7 +297,7 @@ api.register(pwpolicy_add)
class pwpolicy_del(LDAPDelete):
"""
- Delete group password policy.
+ Delete a group password policy.
"""
def get_args(self):
yield self.obj.primary_key.clone(attribute=True, required=True)
@@ -312,7 +314,7 @@ api.register(pwpolicy_del)
class pwpolicy_mod(LDAPUpdate):
"""
- Modify group password policy.
+ Modify a group password policy.
"""
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
self.obj.convert_time_on_input(entry_attrs)
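Review bot: The new summary `Modify a group password policy.` looks narrower than what the command does, since the module docstring's first example runs `ipa pwpolicy-mod --minlength=10` to change the global policy. An administrator who reads only this command help could miss that omitting the group name edits the policy for all users. I would word it along the lines of the `pwpolicy_show` summary in this commit, e.g. `Modify a password policy (the global policy when no group is given).` The class body continues outside the hunk.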
@@ -356,7 +358,7 @@ api.register(pwpolicy_mod)
class pwpolicy_show(LDAPRetrieve):
"""
- Display group password policy.
+ Display information about password policy.
"""
takes_options = (
Str('user?',