1. Minimum Password Lifetime (krbMinPwdLife): The minimum period of time, in hours, that a user's password must be in effect before the user can change it. The default value is one hour.
2. Maximum Password Lifetime (krbMaxPwdLife): The maximum period of time, in days, that a user's password can be in effect before it must be changed.
3. Minimum Number of Character Classes (krbPwdMinDiffChars): The minimum number of different classes, or types, of character that must exist in a password before it is considered valid. The default value is zero (0). The following character classes are supported:
   - Upper-case characters
   - Lower-case characters
   - Digits
   - Special characters (for example, punctuation)
4. Minimum Length of Password (krbPwdMinLength): The minimum number of characters that must exist in a password before it is considered valid.
5. Password History Size (krbPwdHistoryLength): The number of previous passwords that IPA stores, and which a user is prevented from using. The default value is zero (0), which disables password history. (Password history size: whether the original password can be reused.)
6. Priority: Sets the priority, which determines which policy is in effect. The lower the number, the higher the priority. Although this priority is required when the policy is first created in the UI, it cannot be reset in the UI. It can only be reset using the CLI. (If a user is in multiple groups that have password policies, the policy with the lowest priority value is used. Two policies with the same priority are undefined; the directory server will choose arbitrarily.)
7. Maximum Consecutive Failures: Specifies the maximum number of consecutive failures to input the correct password before the user's account is locked. (The number of wrong password entries after which the user account is locked.)
8. Fail Interval: Specifies the period (in seconds) after which the failure count will be reset.
9. Lockout Time: Specifies the period (in seconds) for which a lockout is enforced.
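How Priority, Maximum Consecutive Failures, Fail Interval and Lockout Time interact, as an added example that is not part of the original page and not IPA's own code. It is a simplified model of the rules described above; the class and function names are hypothetical and the sample policies are constructed.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    priority: int        # lower number = higher priority
    max_failures: int    # Maximum Consecutive Failures
    fail_interval: int   # Fail Interval, in seconds
    lockout_time: int    # Lockout Time, in seconds

def effective_policy(policies):
    """Pick the policy in effect for a user who belongs to several groups."""
    best = min(p.priority for p in policies)
    winners = [p for p in policies if p.priority == best]
    if len(winners) > 1:
        # Equal priorities are undefined on the server, so refuse to guess.
        raise ValueError("ambiguous: " + ", ".join(p.name for p in winners))
    return winners[0]

class Account:
    def __init__(self, policy):
        self.policy = policy
        self.failures, self.last_failure, self.locked_until = 0, None, None

    def attempt(self, now, password_ok):
        """Return 'locked', 'ok' or 'failed' for a login at time `now` (seconds)."""
        p = self.policy
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"                          # even a correct password is refused
            self.locked_until, self.failures = None, 0   # lockout has expired
        if self.last_failure is not None and now - self.last_failure > p.fail_interval:
            self.failures = 0                            # fail interval elapsed: reset count
        if password_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        self.last_failure = now
        if self.failures >= p.max_failures:
            self.locked_until = now + p.lockout_time
        return "failed"

def replay(policy, events):
    """Run (time, password_ok) events against a fresh account."""
    acct = Account(policy)
    return [acct.attempt(t, ok) for t, ok in events]

# Constructed sample policies (names and values are illustrative only).
SAMPLE = [Policy("staff", 10, 6, 60, 300), Policy("admins", 5, 3, 60, 600)]
```

Replaying a sequence of logins through `replay(effective_policy(SAMPLE), events)` shows that failures spaced further apart than the fail interval never accumulate into a lockout, which matters when tuning these values against slow password guessing.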