708cb62161
This patch adds a restriction for password re-use. Deployers must opt in for the change. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: I5795bc28bd9270623d0d320b0e38746cc1700663
18 lines
503 B
ReStructuredText
18 lines
503 B
ReStructuredText
---
|
|
id: RHEL-07-010240
|
|
status: opt-in
|
|
tag: auth
|
|
---
|
|
|
|
Although the STIG requires that five passwords are remembered to prevent re-
|
|
use, this can cause issues in production environment if the change is not
|
|
communicated well to users. Therefore, the tasks in the security role do not
|
|
apply this change by default.
|
|
|
|
Deployers can opt in for the change and specify a number of passwords to
|
|
remember by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_password_remember_password: 5
|