[Enhancement] Security user login and session mechanism

Created by: RolandMa1986

What's it about? The security mechanism is one of the most critical systems functional features that need to be implemented to ensure system security. Currently, we have sample built-in mechanisms like password police and login restriction. However, we still lack some important functions likes bellow:

Session management

• #4442 (closed)

Password Police

• Force user change password when login first time, including admin user (currently is optional).
• Do not allow to copy/cut password
• Minimum password length requires at least a value of 8
• Allows to set Maximum password age. and prompt user to change password
• Allows to set Enforce password history. Set the number of unique new passwords that must be associated with a user account before an old password can be reused.
• etc.

Documents

• Provide more detailed document above the default policies and configuration
• Information about Security risks and recommendations.

Area Suggestion

/area apiserver /area console /area documentation /area iam /kind feature-request