From 180d71bc8e8a15930e4494239e0ba4684e300516 Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Date: Fri, 26 May 2023 14:05:06 +0200
Subject: [PATCH] setting gets ignored

see: https://github.com/authselect/authselect/issues/223

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
---
 roles/os_hardening/templates/etc/pam.d/rhel_auth.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/os_hardening/templates/etc/pam.d/rhel_auth.j2 b/roles/os_hardening/templates/etc/pam.d/rhel_auth.j2
index c1d174ed..3d7cd224 100644
--- a/roles/os_hardening/templates/etc/pam.d/rhel_auth.j2
+++ b/roles/os_hardening/templates/etc/pam.d/rhel_auth.j2
@@ -48,7 +48,7 @@ session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 -session    optional      pam_systemd.so
 {% if (os_auth_pam_oddjob_mkhomedir | bool) %}
-session     optional      pam_oddjob_mkhomedir.so umask=0077
+session     optional      pam_oddjob_mkhomedir.so
 {% endif %}
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so