Skip to content

Commit

Permalink
add rhel7 pam_pwquality. fix #73
Browse files Browse the repository at this point in the history
  • Loading branch information
Sebastian Gumprich committed Aug 10, 2016
1 parent f7774d1 commit 723205f
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 7 deletions.
12 changes: 8 additions & 4 deletions tasks/pam.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and not os_auth_pam_passwdqc_enable

- name: install tally2
apt: name='libpam-modules' state=installed
apt: name='libpam-modules' state='installed'
when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and not os_auth_pam_passwdqc_enable and os_auth_retries > 0

- name: configure tally2
Expand All @@ -43,12 +43,16 @@
when: (ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu') and not os_auth_pam_passwdqc_enable and os_auth_retries == 0

- name: remove pam_cracklib, because it does not play nice with passwdqc
yum: name='{{os_packages_pam_cracklib}}' state=absent
when: (ansible_distribution == 'RedHat' or ansible_distribution == 'Oracle Linux') and os_auth_pam_passwdqc_enable
yum: name='{{os_packages_pam_cracklib}}' state='absent'
when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'Oracle Linux' and ansible_distribution_version <= '7')) and os_auth_pam_passwdqc_enable

- name: install the package for strong password checking
yum: name='{{os_packages_pam_passwdqc}}' state='installed'
when: (ansible_distribution == 'RedHat' or ansible_distribution == 'Oracle Linux') and os_auth_pam_passwdqc_enable
when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'Oracle Linux' and ansible_distribution_version <= '7')) and os_auth_pam_passwdqc_enable

- name: install pam_pwquality on rhel7, replacement for pam_passwdqc and pam_cracklib
yum: name='{{os_packages_pam_pwquality}}' state='installed'
when: ((ansible_distribution == 'RedHat' or ansible_distribution == 'Oracle Linux' and ansible_distribution_version >= '7')) and os_auth_pam_passwdqc_enable

- name: remove passwdqc
yum: name='{{os_packages_pam_passwdqc}}' state='absent'
Expand Down
7 changes: 4 additions & 3 deletions vars/RedHat.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
os_packages_pam_ccreds: 'pam_ccreds'
os_packages_pam_passwdqc: 'pam_passwdqc'
os_packages_pam_cracklib: 'pam_cracklib'
os_packages_pam_ccreds: 'pam_ccreds'
os_packages_pam_passwdqc: 'pam_passwdqc'
os_packages_pam_cracklib: 'pam_cracklib'
os_packages_pam_pwquality: 'pam_pwfamily'
os_nologin_shell_path: '/sbin/nologin'

0 comments on commit 723205f

Please sign in to comment.