6e761efc9c
Several tasks in the auth.yml file were actually more closely related to accounts rather than authentication. This patch moves tasks from the auth.yml into accounts.yml and adjusts the docs to match. This should alleviate confusion and allow deployers to fine-tune their Ansible playbook runs. Change-Id: I962014ba9022dd256dc04da6b4ac0860797fbc24
20 lines
568 B
ReStructuredText
20 lines
568 B
ReStructuredText
---
|
|
id: V-71929
|
|
status: opt-in
|
|
tag: accounts
|
|
---
|
|
|
|
Although the STIG requires that all passwords have a maximum lifetime set, this
|
|
can cause authentication disruptions in production environments if users are
|
|
not aware that their password will expire. Therefore, this change is not
|
|
applied by default.
|
|
|
|
Deployers can opt in for this change and provide a maximum lifetime for user
|
|
passwords (in days) by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_password_max_lifetime_days: 60
|
|
|
|
The STIG requires that all passwords expire after 60 days.
|