Looking for some help on the best way to implement this. We basically have to provide a mechanism that when the password is changed or when a new user is created, the password is verified to contain letters, numbers, symbols, upper, lower and be a certain length. I see there used to be something called local_settings.json which doesnt appear to work and is OBE in current code. We are using 3.0.1 version. I think the understanding is the external authentication would cover this, but we cannot use this unless we have some mechanism that does this for the internal users also. Any suggestions or anyone else already doing something, and would like to provide guidance, it would certainly be much appreciated. Otherwise it seems python and chasing the code is in our near future. Thanks in advance. Ron
Hello,
I need help.
How to restore a node in 3-node awx/Ansible tower ha cluster ?
I have 3-node awx/Ansible tower 10.0 is running and suddenly one of the node in cluster get crashed…now how to restore a new formatted node back to ha cluster…
Hi Ron
Can you not use the password lookup plugin? https://docs.ansible.com/ansible/latest/plugins/lookup/password.html
Otherwise you can write a simple play using assert, such as:
- name: Check Users Password Complexity
assert:
that: - users_password | length > 7
- users_password | regex_search(‘[A-Z]’)
- users_password | regex_search(‘[a-z]’)
- users_password | regex_search(‘[0-9]’)
fail_msg: “users_password does not need password complexity requirements (8+ Chars, Lower Case, Upper Case, Number)”
Phil.
Phil,
Thanks for the quick reply. The passwords we are looking to check/strengthen are the internal awx admin/user passwords. For example, if I log into the awx console, select Users, [+] Create New Users, I have the ability to create the new user account. There is nothing that restricts the password being set. Additionally if I change the password by clicking the upper right username icon while logged int, there is nothing that checks its complexity. Ideally, the admin/admins should have something that restricts the passwords they use. For example, I created an System Auditor account and set the password to f. thanks again. Ron
Hello, I have same requirement to implement password complexity on local logins. Is it possible to make the password complexity as a UI menu item?
Thank you
Hi Pabbisetty,
Right now the password complexity is not configurable. Feel free to open an RFE in github AWX issues
AWX Team
Check out https://github.com/ansible/awx/pull/13789
-The AWX Team