dccce1d5cc
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML. Closes-bug: 1676865 Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
958 B
---id: V-71913 status: opt-in tag: auth ---
The password quality requirements from the STIG are examples of good security practice, but deployers are strongly encouraged to use centralized authentication for administrative server access whenever possible.
Password quality requirements are controlled by two Ansible variables: one for each individual password requirement and one "master switch" variable. The master switch variable controls all password requirements and it is disabled by default.
Deployers can enable all password quality requirements by setting the
master switch variable to yes:
security_pwquality_apply_rules: yesWhen the master switch variable is enabled, each individual password quality requirement can be disabled by a variable. To disable the fix for this STIG control, set the following Ansible variable:
security_pwquality_require_character_classes_changed: no