Would you be willing to share the code on, say, a GitHub gist?
______________________________________________________________________________________________
Daniel E. White
daniel.e.white(a)nasa.gov
NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771
Office: (301) 286-6919
Mobile: (240) 513-5290
From: Charles Hedrick via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
Reply-To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Date: Tuesday, January 28, 2020 at 14:21
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Charles Hedrick <hedrick(a)rutgers.edu>
Subject: [EXTERNAL] [Freeipa-users] suggestion for password policy
The NIST recommendations for passwords say they don’t think character classes and expiration are useful. Instead, they recommend using a blacklist of known common passwords. There’s no way to implement this policy without writing your own plugin. It would be useful for IPA’s password policy to allow you to specify a database of forbidden passwords.
We’ve done this using a plugin, but I’d rather not have to write C code to implement policy.