Skip to content

Commit

Permalink
Minimal profile will be removed in future authselect versions
Browse files Browse the repository at this point in the history 
It will be replaced by a profile called local. But the sssd profile will
continue there and therefore will be used to check the available
authselect features. It doesn't affect the existing rules since used
features are part of both profiles.
https://fedoramagazine.org/authselect-in-fedora-linux-40-migrating-to-the-new-local-profile/

Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
  • Loading branch information
@marcusburghardt
marcusburghardt committed Jul 12, 2024
1 parent 50aeda0 commit abb87be
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions shared/macros/10-ansible.jinja
View file
Original file line number Diff line number Diff line change
Expand Up @@ -948,7 +948,7 @@ The following macro remediates Audit syscall rule in :code:`/etc/audit/audit.rul

- name: '{{{ rule_title }}} - Collect the Available authselect Features'
ansible.builtin.command:
cmd: authselect list-features minimal
cmd: authselect list-features sssd
register: result_authselect_available_features
changed_when: false
when:
Expand Down Expand Up @@ -990,7 +990,7 @@ The following macro remediates Audit syscall rule in :code:`/etc/audit/audit.rul

- name: '{{{ rule_title }}} - Collect the available authselect features'
ansible.builtin.command:
cmd: authselect list-features minimal
cmd: authselect list-features sssd
register: result_authselect_available_features
changed_when: false
when:
Expand Down
4 changes: 2 additions & 2 deletions shared/macros/10-bash.jinja
View file
Original file line number Diff line number Diff line change
Expand Up @@ -893,7 +893,7 @@ PAM_FILE_PATH="/etc/authselect/$CURRENT_PROFILE/$PAM_FILE_NAME"
#}}
{{%- macro bash_pam_lastlog_enable_showfailed(pam_file, control, after_match='') -%}}
if [ -f /usr/bin/authselect ]; then
if authselect list-features minimal | grep -q with-silent-lastlog; then
if authselect list-features sssd | grep -q with-silent-lastlog; then
{{{ bash_disable_authselect_feature('with-silent-lastlog') | indent(8) }}}
else
{{# the following macro ensures the PAM_FILE_PATH variable is properly set #}}
Expand Down Expand Up @@ -926,7 +926,7 @@ fi
#}}
{{%- macro bash_pam_pwhistory_enable(pam_file, control, after_match='') -%}}
if [ -f /usr/bin/authselect ]; then
if authselect list-features minimal | grep -q with-pwhistory; then
if authselect list-features sssd | grep -q with-pwhistory; then
{{{ bash_enable_authselect_feature('with-pwhistory') | indent(8) }}}
else
{{# the following macro ensures the PAM_FILE_PATH variable is properly set #}}
Expand Down

0 comments on commit abb87be

Please sign in to comment.