Freeipa Password Policy(密碼策略)

參考文檔：Password Policy

一、Minimum Password Lifetime (krbMinPwdLife): The minimum period of time, in hours, that a user's password must be in effect before the user can change it. The default value is one hour.

二、Maximum Password Lifetime (krbMaxPwdLife): The maximum period of time, in days, that a user's password can be in effect before it must be changed.

三、Minimum Number of Character Classes (krbPwdMinDiffChars): The minimum number of different classes, or types, of character that must exist in a password before it is considered valid. The default value is zero (0). The following character classes are supported:

     Upper-case characters    Lower-case characters    Digits    Special characters (for example, punctuation)

四、Minimum Length of Password (krbPwdMinLength): The minimum number of characters that must exist in a password before it is considered valid.

五、Password History Size (krbPwdHistoryLength): The number of previous passwords that IPA stores, and which a user is prevented from using. The default value is zero (0) (disable password history).（密碼歷史記錄大小,是否能夠使用原始密碼）

六、Priority，Sets the priority which determines which policy is in effect. The lower the number, the higher priority. Although this priority is required when the policy is first created in the UI, it cannot be reset in the UI. It can only be reset using the CLI.（數字越低，優先級越高.只能在ci中重置。若是用戶在具備密碼策略的多個組中，使用最低優先級的策略。具備相同優先級的兩個策略未定義，目錄服務器將任意決定）

七、Maximum Consecutive Failures：Specifies the maximum number of consecutive failures to input the correct password before the user's account is locked.（輸入幾回錯誤密碼則鎖定用戶賬戶）

八、Fail Interval： Specifies the period (in seconds) after which the failure count will be reset.

九、Lockout Time： Specifies the period (in seconds) for which a lockout is enforced.