make compatible to authconfig

dev-sec · Feb 13, 2021 · 95db263 · 95db263
1 parent 7282187
commit 95db263
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/roles/os_hardening/tasks/pam.yml b/roles/os_hardening/tasks/pam.yml
@@ -155,15 +155,25 @@
     - ansible_facts.os_family == 'RedHat'
     - not os_auth_pam_passwdqc_enable
 
-- name: configure passwdqc and faillock via central system-auth confic
+- name: configure passwdqc and faillock via central system-auth config
   template:
     src: 'etc/pam.d/rhel_system_auth.j2'
-    dest: '/etc/pam.d/system-auth-ac'
+    dest: '/etc/pam.d/system-auth-local'
     mode: '0640'
     owner: 'root'
     group: 'root'
   when: ansible_facts.os_family == 'RedHat'
 
+- name: enable our config for system-auth
+  file:
+    src: /etc/pam.d/system-auth-local
+    dest: /etc/pam.d/system-auth
+    mode: '0640'
+    owner: 'root'
+    group: 'root'
+    state: link
+  when: ansible_facts.os_family == 'RedHat'
+
 - name: NSA 2.3.3.5 Upgrade Password Hashing Algorithm to SHA-512
   template:
     src: 'etc/libuser.conf.j2'