URL: https://github.com/freeipa/freeipa/pull/5160 Author: rcritten Title: #5160: Add libpwquality checking to IPA password policy Action: opened

PR body: """ This adds support for some of the libpwquality password checking features:

* palindromes (automatic) * maximum number of repeats in a row * maximum number of monotonic sequences (abcde, 1234, etc) * check for username in the password * dict check via cracklib

I attempted to retain backwards compatibility so didn't enable the character class evaluations. We could totally do this but it add six more knobs.

I didn't enable the gecos check to avoid an nss lookup which would pass through a lot of libraries only to end up back at IPA :-)

Note that pwquality has a minimum character limit of six which is different than IPA so a limit of six is enforced if any of the pwqualtiy values are set.

I suspect the SELinux policy I wrote isn't awesome.

TODO: finalize the IANA attributes and objectclasses values TODO: merge the test into another class or determine frequency to execute TODO: I'm open to ipa-next only """

To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5160/head:pr5160 git checkout pr5160