mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
Command-line utility to manage password policy
432814
parent
b9c7056a2a
commit
44797e3917
@ -18,6 +18,7 @@ install:
|
||||
install -m 755 ipa-findgroup $(SBINDIR)
|
||||
install -m 755 ipa-modgroup $(SBINDIR)
|
||||
install -m 755 ipa-passwd $(SBINDIR)
|
||||
install -m 755 ipa-pwpolicy $(SBINDIR)
|
||||
install -m 755 ipa-addservice $(SBINDIR)
|
||||
install -m 755 ipa-delservice $(SBINDIR)
|
||||
install -m 755 ipa-findservice $(SBINDIR)
|
||||
|
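--- a/ipa-admintools/ipa-pwpolicy
+++ b/ipa-admintools/ipa-pwpolicy
@@ -0,0 +1,141 @@
+#! /usr/bin/python -E
+# Authors: Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import sys
+from optparse import OptionParser
+import ipa
+import ipa.entity
+import ipa.ipaclient as ipaclient
+import ipa.config
+
+import xmlrpclib
+import kerberos
+import errno
+import validate
+
+def usage():
+print "ipa-pwpolicy [--maxlife days] [--minlife hours] [--history number] [--minclasses number] [--minlength number]"
+print "ipa-pwpolicy --show"
+sys.exit(1)
+
+def parse_options():
+parser = OptionParser()
+parser.add_option("--maxlife", dest="maxlife",
+help="Max. Password Lifetime (days)")
+parser.add_option("--minlife", dest="minlife",
+help="Min. Password Lifetime (hours)")
+parser.add_option("--history", dest="history",
+help="Password History Size")
+parser.add_option("--minclasses", dest="minclasses",
+help="Min. Number of Character Classes")
+parser.add_option("--minlength", dest="minlength",
+help="Min. Length of Password")
+parser.add_option("--show", dest="show", action="store_true",
+help="Show the current password policy")
+parser.add_option("--usage", action="store_true",
+help="Program usage")
+
+args = ipa.config.init_config(sys.argv)
+options, args = parser.parse_args(args)
+
+return options, args
+
+def show_policy(client):
+policy = client.get_password_policy()
+print "Password Policy"
+print "Min. Password Lifetime (hours): %s" % policy.getValues('krbminpwdlife')
+print "Max. Password Lifetime (days): %s" % policy.getValues('krbmaxpwdlife')
+print "Min. Number of Character Classes: %s" % policy.getValues('krbpwdmindiffchars')
+print "Min. Length of Password: %s" % policy.getValues('krbpwdminlength')
+print "Password History Size: %s" % policy.getValues('krbpwdhistorylength')
+
+def update_policy(client, options):
+if not options.maxlife and not options.minlife and not options.history and not options.minclasses and not options.minlength:
+usage()
+
+current = client.get_password_policy()
+
+new = ipa.entity.Entity(current.toDict())
+
+if options.maxlife:
+if validate.is_integer(options.maxlife, min=0):
+new.setValue('krbmaxpwdlife', options.maxlife)
+if options.minlife:
+if validate.is_integer(options.minlife, min=0):
+new.setValue('krbminpwdlife', options.minlife)
+if options.history:
+if validate.is_integer(options.history, min=0):
+new.setValue('krbpwdhistorylength', options.history)
+if options.minclasses:
+if validate.is_integer(options.minclasses, min=0):
+new.setValue('krbpwdmindiffchars', options.minclasses)
+if options.minlength:
+if validate.is_integer(options.minlength, min=0):
+new.setValue('krbpwdminlength', options.minlength)
+
+client.update_password_policy(new)
+
+def main():
+options, args = parse_options()
+
+if options.usage:
+usage()
+
+try:
+client = ipaclient.IPAClient()
+
+if options.show:
+show_policy(client)
+return 0
+
+update_policy(client, options)
+except xmlrpclib.Fault, fault:
+if fault.faultCode == errno.ECONNREFUSED:
+print "The IPA XML-RPC service is not responding."
+else:
+print fault.faultString
+return 1
+except kerberos.GSSError, e:
+print "Could not initialize GSSAPI: %s/%s" % (e[0][0], e[0][1])
+return 1
+except xmlrpclib.ProtocolError, e:
+print "Unable to connect to IPA server: %s" % (e.errmsg)
+return 1
+except ipa.ipaerror.IPAError, e:
+print "%s" % (e.message)
+return 1
+except validate.VdtTypeError, e:
+print "%s" % (e.message)
+return 1
+except validate.VdtValueTooSmallError, e:
+print "%s" % (e.message)
+return 1
+except KeyboardInterrupt, e:
+return 1
+
+return 0
+
+try:
+if __name__ == "__main__":
+sys.exit(main())
+except SystemExit, e:
+sys.exit(e)
+except KeyboardInterrupt, e:
+sys.exit(1)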
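Review bot: In update_policy, each `if validate.is_integer(options.X, min=0):` tests the validator's return value, so an explicit zero is silently dropped. Assuming this is the configobj `validate` module (the VdtTypeError/VdtValueTooSmallError handlers in main suggest it), `is_integer("0", min=0)` returns 0, the branch is skipped, and `--history 0`, which the man page documents as disabling history, sends the policy back unchanged and exits 0. Call the validator only for its exception and set the value whenever the option was given, as in the fence below. Separately, nothing here compares `--minlife` (hours) with `--maxlife` (days), and `min=0` accepts `--minlength 0`; whether the server rejects such a policy is not visible on this page, so a client-side sanity check or a warning when a setting is weakened would be worth adding.

```python
def update_policy(client, options):
    # … unchanged: usage() guard, fetch of current policy, copy into new …
    for value, attr in ((options.maxlife, 'krbmaxpwdlife'),
                        (options.minlife, 'krbminpwdlife'),
                        (options.history, 'krbpwdhistorylength'),
                        (options.minclasses, 'krbpwdmindiffchars'),
                        (options.minlength, 'krbpwdminlength')):
        if value is None:
            continue
        # is_integer raises on bad input; its return value may legitimately be 0
        validate.is_integer(value, min=0)
        new.setValue(attr, value)
    # … unchanged: client.update_password_policy(new) …
```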
@ -17,6 +17,7 @@ MANFILES=\
|
||||
ipa-lockuser.1 \
|
||||
ipa-moddelegation.1 \
|
||||
ipa-passwd.1 \
|
||||
ipa-pwpolicy.1 \
|
||||
ipa-moduser.1 \
|
||||
ipa-getkeytab.1
|
||||
|
||||
|
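--- a/ipa-admintools/man/ipa-pwpolicy.1
+++ b/ipa-admintools/man/ipa-pwpolicy.1
@@ -0,0 +1,51 @@
+.\" A man page for ipa-pwpolicy
+.\" Copyright (C) 2007 Red Hat, Inc.
+.\"
+.\" This is free software; you can redistribute it and/or modify it under
+.\" the terms of the GNU Library General Public License as published by
+.\" the Free Software Foundation; version 2 only
+.\"
+.\" This program is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+.\" General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU Library General Public
+.\" License along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\" Author: Rob Crittenden <rcritten@redhat.com>
+.\"
+.TH "ipa-pwpolicy" "1" "Feb 25 2008" "freeipa" ""
+.SH "NAME"
+ipa\-pwpolicy \- Display or modify the IPA password policy
+
+.SH "SYNOPSIS"
+ipa\-pwpolicy
+[\-\-maxlife days] [\-\-minlife hours] [\-\-history number] [\-\-minclasses number] [\-\-minlength number]
+.TP
+ipa\-pwpolicy \-\-show
+.SH "DESCRIPTION"
+Displays or updates the IPA password policy.
+
+.SH "OPTIONS"
+.TP
+\fB\-\-maxlife\fR=\fIdays\fR
+Set the maximum Password Lifetime in days
+.TP
+\fB\-\-minlife\fR=\fIhours\fR
+Set the minimum Password Lifetime in hours
+.TP
+\fB\-\-history\fR=\fIinteger\fR
+The number of passwords stored in the password history. A value of 0 means do not store a password history.
+.TP
+\fB\-\-minclasses\fR=\fIinteger\fR
+Set the minimum number of character classes required in a password. The classes are alpha, numeric, mixed\-case and special characters.
+.TP
+\fB\-\-minlength\fR=\fIinteger\fR
+Set the minimum password length.
+.TP
+\fB\-\-show\fR
+Display the current password policy.
+.SH "EXIT STATUS"
+The exit status is 0 on success, nonzero on error.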
@ -677,7 +677,7 @@ class RPCClient:
|
||||
"""Update the IPA password policy"""
|
||||
server = self.setup_server()
|
||||
try:
|
||||
result = server.update_password_policy(oldpolicy, newpolicy)
|
||||
result = server.update_password_policy(ipautil.wrap_binary_data(oldpolicy), ipautil.wrap_binary_data(newpolicy))
|
||||
except xmlrpclib.Fault, fault:
|
||||
raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
|
||||
except socket.error, (value, msg):
|
||||
|