password_rules_policies – Manages password rules and policies
Synopsis
Manages password rules and policies by modifying stanza attributes in AIX config file - /etc/security/user using the chsec command.
Requirements
The below requirements are needed on the host that executes this module.
AIX
Python >= 2.7
Privileged user with authorizations
Parameters
- state (optional, str, present)
If set to
presentall given attrs values will be set.If set to
absentall attrs provided will be un-set, regardless of value provided. - NB, this does not remove the entire stanza, only the provided attrs will be removed. - To remove a single attribute from the stanza set topresentand set key to an empty value (key=).All rules/allowed file-stanza combos/allowed files for the AIX
chseccommand apply here.- stanza (True, str, None)
Name of stanza to modify attributes of
account_locked (False, bool, None)
admin (False, bool, None)
admgroups (False, list, None)
auditclasses (False, list, None)
auth1 (False, list, None)
auth2 (False, list, None)
core_compress (False, str, None)
core_path (False, str, None)
core_pathname (False, str, None)
core_naming (False, str, None)
daemon (False, bool, None)
dce_export (False, bool, None)
dictionlist (False, list, None)
minloweralpha (False, str, None)
minupperalpha (False, str, None)
mindigit (False, str, None)
minspecialchar (False, str, None)
efs_adminks_access (False, str, None)
efs_allowksmodechangebyuser (False, str, None)
efs_file_algo (False, str, None)
efs_initialks_mode (False, str, None)
- efs_keystore_access (False, str, None)
Defines the user keystore location.
This attribute is valid only if the system is EFS-enabled.
efs_keystore_algo (False, str, None)
expires (False, str, None)
histexpire (False, str, None)
histsize (False, str, None)
login (False, bool, None)
logintimes (False, str, None)
loginretries (False, str, None)
maxage (False, str, None)
maxexpired (False, str, None)
maxrepeats (False, str, None)
minage (False, str, None)
minalpha (False, str, None)
mindiff (False, str, None)
minlen (False, str, None)
minother (False, str, None)
projects (False, list, None)
pwdchecks (False, list, None)
pwdwarntime (False, str, None)
registry (False, str, None)
rlogin (False, bool, None)
su (False, bool, None)
sugroups (False, str, None)
SYSTEM (False, str, None)
tpath (False, str, None)
ttys (False, str, None)
umask (False, str, None)
Notes
Note
If the registry is set to NIS or DCE, it can not be removed.
For removing an attribute, you need to provide a valid value along with state=absent
name
description
- link
name
description
link
Examples
Return Values
- changed (always, bool, False)
Was this value changed
- msg (always, str, Invalid parameter: install_list cannot be empty)
The execution message.
- file (always, str, )
The file being modified
- stanza (always, str, )
The stanza in file being modified
- attrs (always, dict, )
For each attribute provided in the ‘attrs’ section, an entry (below) is returned
- cmd (Only if attr requires change, str, )
Command that is run to update attr
- stdout (only when cmd is run, str, )
The standard output of the command.
- stderr (only when cmd is run, str, )
The standard error of the command.
- rc (only when cmd is run, int, )
The command return code.
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.