Interface support for security configuration
Configuration support for password and security
enforcement for user account under AccountPolicy
interface (which will manage global policies
related to accounts).
Change-Id: Icdea6d83654f9449088a6319f453788cb25ecfc2
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/xyz/openbmc_project/User/AccountPolicy.interface.yaml b/xyz/openbmc_project/User/AccountPolicy.interface.yaml
new file mode 100644
index 0000000..9397f4b
--- /dev/null
+++ b/xyz/openbmc_project/User/AccountPolicy.interface.yaml
@@ -0,0 +1,33 @@
+description: >
+ Provides global user account policy related management.
+
+properties:
+ - name: MaxLoginAttemptBeforeLockout
+ type: uint16
+ description: >
+ Configures the maximum permissible attempt before locking
+ out the user. Value of 0 indicates that account lockout
+ feature is disabled.
+
+ - name: AccountUnlockTimeout
+ type: uint32
+ description: >
+ Configures timeout needed (in seconds) to unlock the account
+ after a lockout. Value of 0 indicates that account must be
+ unlocked manually.
+
+ - name: MinPasswordLength
+ type: byte
+ description: >
+ Configures the minimum password length. Minimum password length
+ specified in build time is marked as default value. This property
+ cannot be configured below the build time default value but can be
+ set to higher one for security reasons.
+
+ - name: RememberOldPasswordTimes
+ type: byte
+ description: >
+ Configures the number of times old password shouldn't be allowed
+ when trying to update new password. Value of 0 (by default) indicates
+ this feature is not enforced.
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4