Would you be willing to share the code on, say, a GitHub gist?
Daniel E. White
daniel.e.white@nasa.gov
NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771
Office: (301) 286-6919
Mobile: (240) 513-5290
From: Charles Hedrick via FreeIPA-users freeipa-users@lists.fedorahosted.org
Reply-To: FreeIPA users list freeipa-users@lists.fedorahosted.org
Date: Tuesday, January 28, 2020 at 14:21
To: FreeIPA users list freeipa-users@lists.fedorahosted.org
Cc: Charles Hedrick hedrick@rutgers.edu
Subject: [EXTERNAL] [Freeipa-users] suggestion for password policy
The NIST recommendations for passwords say they don’t think character classes and expiration are useful. Instead, they recommend using a blacklist of known common passwords. There’s no way to implement this policy without writing your own plugin. It would be useful for IPA’s password policy to allow you to specify a database of forbidden passwords.
We’ve done this using a plugin, but I’d rather not have to write C code to implement policy.