
This patch refactors the login.defs adjustments into a single task that loops over a variable. It also adds tasks for RHEL-07-010200, RHEL-07-010420, and RHEL-07-020230. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: I7c1f869d87338547da8943d5aa506ceb871cee68
20 lines
571 B
ReStructuredText
---
id: RHEL-07-010220
status: opt-in
tag: auth
---

Although the STIG requires that all passwords have a maximum lifetime set, this
can cause authentication disruptions in production environments if users are
not aware that their password will expire. Therefore, this change is not
applied by default.

Deployers can opt in for this change and provide a maximum lifetime for user
passwords (in days) by setting the following Ansible variable:

.. code-block:: yaml

    security_password_max_lifetime_days: 60

The STIG requires that all passwords expire after 60 days.
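A way to verify the result after opting in, as an added example that is not part of the original change or of the role's own code. It assumes the variable ends up as the ``PASS_MAX_DAYS`` key in ``/etc/login.defs`` (the key name is not given on this page) and that the last occurrence of a repeated key wins; the sample inputs are constructed.

```python
STIG_MAX_DAYS = 60  # limit stated on this page

# Constructed sample inputs (not taken from a real host).
SAMPLE_DEFAULT = """\
# Password aging controls
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
"""
SAMPLE_OPTED_IN = """\
#PASS_MAX_DAYS  99999
PASS_MAX_DAYS\t60
PASS_MIN_DAYS   1
"""


def effective_pass_max_days(text):
    """Return the PASS_MAX_DAYS value in login.defs-style text, or None.

    Assumption: if the key appears more than once, the last one wins.
    """
    value = None
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "PASS_MAX_DAYS":
            continue  # blank line, comment ("#..."), or another key
        try:
            value = int(fields[1])
        except ValueError:
            value = None  # unparsable value: treat as not set
    return value


def audit(text, limit=STIG_MAX_DAYS):
    """Return (compliant, reason) for the configured maximum lifetime."""
    days = effective_pass_max_days(text)
    if days is None:
        return False, "PASS_MAX_DAYS is not set, so no expiry is enforced"
    if days < 0:
        return False, f"PASS_MAX_DAYS {days} disables password expiry"
    if days > limit:
        return False, f"PASS_MAX_DAYS {days} exceeds the {limit}-day limit"
    return True, f"PASS_MAX_DAYS {days} is within the {limit}-day limit"


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("opted-in", SAMPLE_OPTED_IN)):
        ok, reason = audit(text)
        print(f"{name}: {'PASS' if ok else 'FAIL'} - {reason}")
```

``PASS_MAX_DAYS`` is applied when an account is created, so accounts that already exist keep the maximum age recorded for them in ``/etc/shadow`` and need a separate check.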