The NIST recommendations for passwords say they don’t think character classes and expiration are useful. Instead, they recommend using a blacklist of known common passwords. There’s no way to implement this policy without writing your own plugin. It would be useful for IPA’s password policy to allow you to specify a database of forbidden passwords.
We’ve done this using a plugin, but I’d rather not have to write C code to implement policy. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org