dccce1d5cc
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML. Closes-bug: 1676865 Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
30 lines
958 B
ReStructuredText
30 lines
958 B
ReStructuredText
---
|
|
id: V-71913
|
|
status: opt-in
|
|
tag: auth
|
|
---
|
|
|
|
The password quality requirements from the STIG are examples of good security
|
|
practice, but deployers are strongly encouraged to use centralized
|
|
authentication for administrative server access whenever possible.
|
|
|
|
Password quality requirements are controlled by two Ansible variables: one for
|
|
each individual password requirement and one "master switch" variable. The
|
|
master switch variable controls all password requirements and it is **disabled
|
|
by default**.
|
|
|
|
Deployers can enable all password quality requirements by setting the master
|
|
switch variable to ``yes``:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_pwquality_apply_rules: yes
|
|
|
|
When the master switch variable is enabled, each individual password quality
|
|
requirement can be disabled by a variable. To disable the fix for this STIG
|
|
control, set the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_pwquality_require_character_classes_changed: no
|