708cb62161
This patch adds a restriction for password re-use. Deployers must opt in for the change. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: I5795bc28bd9270623d0d320b0e38746cc1700663
503 B
503 B
---id: RHEL-07-010240 status: opt-in tag: auth ---
Although the STIG requires that five passwords are remembered to prevent re-use, this can cause issues in production environment if the change is not communicated well to users. Therefore, the tasks in the security role do not apply this change by default.
Deployers can opt in for the change and specify a number of passwords to remember by setting the following Ansible variable:
security_password_remember_password: 5