Description of problem:

Every organisation uses (or at least should use) some kind of password policy today. For different RHEL releases are different ways to create one. Documented are these i.e. in the following KBs:

• [Set a password policy in Red Hat Enterprise Linux 7](https://access.redhat.com/solutions/2808101)
• [Set Password Policy/Complexity in Red Hat Enterprise Linux 8](https://access.redhat.com/solutions/5027331)
• [How to lock out a user to login a system after a set number of failed attempts in Red Hat Enterprise Linux using pam_tally/pam_tally2](https://access.redhat.com/solutions/4303)

IMHO this is perfect job to get done by a RHEL system role that covers the following ToDos:

1. Keep history of used passwords (the number of previous passwords which cannot be reused).
2. Enforce root for password complexity.
3. Password size (Minimum acceptable size for the new password).
4. Set limit to number of digits in password.
5. Set limit to number of Upper Case characters in password.
6. Set limit to number of Lower Case characters in password.
7. Set limit to number of Other characters in password.
8. Set minimum number of required classes in new password (digits, uppercase, lowercase, others).
9. Set maximum number of allowed consecutive same characters in the new password.
10. A maximum number of allowed consecutive characters of the same class in the new password.
11. A maximum number of characters that is allowed to use in new passwords(compared to old password.

I would appreciate when you process this RFE and I found some new Ansible role for this in an upcoming release of RHEL System Roles.

Version-Release number of selected component (if applicable):

RHEL7, RHEL8

How reproducible: 100%

Actual results:

There are separate ways for RHEL 7 and RHEL 8 servers to configure different password policies.

Expected results:

Ansible system role for creating password policies which can be used for any RHEL veresion. So that different methods of configurin password policy need not to be used.