feat(baseline): enable sssd faillock, pwhistory and disable nullok

Iain Learmonth 2025-12-20 13:12:43 +00:00
parent 366f6c036a
commit c793b470b0


@ -10,13 +10,16 @@
register: _baseline_freeipa_authselect_status
changed_when: false
- name: FreeIPA Client | PATCH | Apply authselect profile with sssd, sudo, and mkhomedir if not set
ansible.builtin.command: authselect select sssd with-sudo with-mkhomedir with-subid --force
- name: FreeIPA Client | PATCH | Apply authselect profile with sssd, sudo, and more if not set
ansible.builtin.command: authselect select sssd with-sudo with-mkhomedir with-subid with-faillock with-pwhistory without-nullok --force
when: >
'Profile ID: sssd' not in _baseline_freeipa_authselect_status.stdout or
'with-sudo' not in _baseline_freeipa_authselect_status.stdout or
'with-mkhomedir' not in _baseline_freeipa_authselect_status.stdout or
'with-subid' not in _baseline_freeipa_authselect_status.stdout
'with-subid' not in _baseline_freeipa_authselect_status.stdout or
'with-faillock' not in _baseline_freeipa_authselect_status.stdout or
'with-pwhistory' not in _baseline_freeipa_authselect_status.stdout or
'without-nullok' not in _baseline_freeipa_authselect_status.stdout
- name: FreeIPA Client | PATCH | Enable oddjobd.service (for with-mkhomedir feature)
ansible.builtin.systemd_service:
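Review bot: Nothing in this hunk sets the values that `with-faillock` and `with-pwhistory` read, so the lockout threshold, unlock time and history depth on the new `authselect select` line fall back to whatever `/etc/security/faillock.conf` and `/etc/security/pwhistory.conf` contain on each host. If the role does not manage those files elsewhere, add tasks that pin `deny` and `unlock_time` for pam_faillock and `remember` for pam_pwhistory so the baseline is the same on every client. pam_faillock counts failures per host and, as far as I can tell from the sssd profile, also covers accounts authenticated through SSSD, so confirm that this local lockout is intended alongside the IPA server-side password policy. A short comment above the task would help too, for example `# without-nullok: drop nullok from pam_unix so empty local passwords are rejected`. The patched task is complete in the hunk, while the status task before it and the oddjobd task after it are cut off by the hunk edges.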