I would very much like to have the option for XKCD style passwords as an option in IPA: https://xkcd.com/936/ With traditional style passwords becoming less and less secure, doing this would be quite helpful. I know it can be simulated by just doing it, but there's no way to do that and have traditional passwords at the same time (while transitioning.) An actual password policy that I could apply to just certain groups would be the right way of going about it.
Can you be more explicit what you're asking for here. You want a password policy to enforce that the password is made up of 4 discrete words? All lower-case? Or do you want us to do enforcement based on the entropy math?
Specifically: four discrete words, preferably with a cracklib-like check to see if they're unrelated (as in, not appearing together, in sequence, in common phrases (or at least a stub that can be extended later.)) I'm not even sure how you'd go about tackling the entropy math.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3887
There is no plan, priority or team capacity now or in the near future to work on this request. Thus, i am closing the ticket as wontfix or upstream (in case there is an upstream ticket that the community can help us solve). We might revisit this decision according to our product goals. Thank you for reporting this bug/feature. Theo Apazoglou Product Owner RHEL IPA