Dustin C. Hatch
82f2a7518e
*authselect* is now [mandatory][0] in Fedora 36. It cannot be uninstalled, but it can be disabled by removing its configuration file. [0]: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory
48 lines
1.1 KiB
YAML
48 lines
1.1 KiB
YAML
- name: load distribution-specific variables
|
|
include_vars: '{{ item }}'
|
|
with_first_found:
|
|
- '{{ ansible_distribution }}.yml'
|
|
- '{{ ansible_os_family }}.yml'
|
|
- defaults.yml
|
|
|
|
- name: ensure authconfig is not installed
|
|
package:
|
|
name=authconfig
|
|
state=absent
|
|
- name: ensure authconfig PAM configuration is reset
|
|
command:
|
|
mv /etc/pam.d/{{ item }}-ac /etc/pam.d/{{ item }}
|
|
removes=/etc/pam.d/{{ item }}-ac
|
|
with_items:
|
|
- fingerprint-auth
|
|
- password-auth
|
|
- postlogin
|
|
- smartcard-auth
|
|
- system-auth
|
|
- name: ensure authselect is disabled
|
|
file:
|
|
path: /etc/authselect/authselect.conf
|
|
state: absent
|
|
|
|
- name: ensure mkhomedir package is installed
|
|
package:
|
|
name={{ mkhomedir_pkg }}
|
|
when: pam_mkhomedir
|
|
- name: ensure oddjobd starts at boot
|
|
service:
|
|
name=oddjobd
|
|
enabled=true
|
|
when: pam_mkhomedir and pam_oddjob_mkhomedir
|
|
- name: ensure oddjobd is running
|
|
service:
|
|
name=oddjobd
|
|
state=started
|
|
when: pam_mkhomedir and pam_oddjob_mkhomedir
|
|
|
|
- name: ensure pam configuration is set
|
|
template:
|
|
src={{ item.template }}
|
|
dest=/etc/pam.d/{{ item.name }}
|
|
mode=0644
|
|
with_items: '{{ pam_system_auth_conf }}'
|