/ansible-module-authconfig

An Ansible module to manage RHEL/CentOS authentication resources with authconfig(8)

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0)

koichirok.authconfig-module - Ansible authconfig module


Manages system authentication resources with authconfig

Requirements

  • authconfig package

Install

$ ansible-galaxy install koichirok.authconfig-module

# playbook.yml

- hosts: default
  roles:
  # After you call this role, you can use this module.
  - koichirok.authconfig-module

Synopsis

Configures system authentication resources with authconfig(8)

Options

Parameter required default choices comments
enablereqlower no
  • yes
  • no
Require at least one lowercase character/Do not require lowercase characters in a password
enablecachecreds no
  • yes
  • no
Enable/Disable caching of user credentials in SSSD by default
smbservers no Specify names of servers to authenticate against
enablerequiresmartcard no
  • yes
  • no
Require/Do not require smart card for authentication by default
passalgo no
  • descrypt
  • bigcrypt
  • md5
  • sha256
  • sha512
Specify hash/crypt algorithm for new passwords
smbsecurity no
  • user
  • server
  • domain
  • ads
Specify security mode to use for samba and winbind
enablereqdigit no
  • yes
  • no
Require at least one digit/Do not require digits in a password
enableipav2 no
  • yes
  • no
Enable/Disable IPAv2 for user information and authentication by default
enablewinbindusedefaultdomain no
  • yes
  • no
Configures winbind to assume that users with no domain in their user names are domain/not domain users
ldapserver no Default LDAP server hostname or URI
enablepreferdns no
  • yes
  • no
Prefer/Do not prefer dns over wins or nis for hostname resolution
krb5kdc no
  • yes
  • no
Specify default kerberos KDC
ldapbasedn no Default LDAP base DN
enableforcelegacy no
  • yes
  • no
When set to no, use SSSD implicitly if it supports the configuration. Set to yes
smbrealm no Specify default realm for samba and winbind when security=ads
enablesssd no
  • yes
  • no
Set to yes to enable SSSD for user information by default with manually managed configuration. Set to no to disable SSSD for user information by default (still used for supported configurations)
enablekrb5realmdns no
  • yes
  • no
Enable/Disable use of DNS to find kerberos realms
smbworkgroup no Specify workgroup authentication servers are in
ipav2domain no Specify the IPAv2 domain the system should be part of
enableshadow no
  • yes
  • no
Enable/Disable shadowed passwords by default
enablefingerprint no
  • yes
  • no
Enable/Disable authentication with fingerprint readers by default
enablekrb5kdcdns no
  • yes
  • no
Enable/Disable use of DNS to find kerberos KDCs
passmaxrepeat no Specify maximum number of same consecutive characters in a password
krb5realm no
  • yes
  • no
Specify default kerberos realm
winbindjoin no Specify administrator account to join the winbind domain or ads realm now
enablelocauthorize no
  • yes
  • no
When set to yes, local authorization is sufficient for local users. Set to no
ipav2server no Specify the server for the IPAv2 domain
enablewinbindoffline no
  • yes
  • no
Configures winbind to allow/prevent offline login
smartcardmodule no Specify default smart card module to use
enablesysnetauth no
  • yes
  • no
Set to yes to authenticate system accounts by network services. Set to no
enablewins no
  • yes
  • no
Enable/Disable wins for hostname resolution
nostart no
  • yes
  • no
Do not start/stop portmap, ypbind, and nscd
ldaploadcacert no Load CA certificate from the URL
enablerfc2307bis no
  • yes
  • no
Enable/Disable use of RFC-2307bis schema for LDAP user information lookups
enablewinbindkrb5 no
  • yes
  • no
Winbind will use Kerberos 5 to authenticate/Winbind will use the default authentication method
enablesssdauth no
  • yes
  • no
Set to yes to enable SSSD for authentication by default with manually managed configuration. Set to no to disable SSSD for authentication by default (still used for supported configurations)
enablesmartcard no
  • yes
  • no
Enable/Disable authentication with smart card by default
passminlen no Specify minimum length of a password
enablecache no
  • yes
  • no
Enable/Disable caching of user information by default
enablewinbindauth no
  • yes
  • no
Enable/Disable winbind for authentication by default
hesiodrhs no Specify default hesiod RHS
hesiodlhs no Specify default hesiod LHS
enablehesiod no
  • yes
  • no
Enable/Disable hesiod for user information by default
enablerequpper no
  • yes
  • no
Require at least one uppercase character/Do not require uppercase characters in a password
enablepamaccess no
  • yes
  • no
Check/Do not check access.conf during account authorization
winbindtemplateshell no Specify the shell which winbind-created users will have as their login shell
enablekrb5 no
  • yes
  • no
Enable/Disable kerberos authentication by default
enablewinbind no
  • yes
  • no
Enable/Disable winbind for user information by default
ipav2join no Specify the account to join the IPAv2 domain
krb5adminserver no
  • yes
  • no
Specify default kerberos admin server
ipav2realm no Specify the realm for the IPAv2 domain
enablenis no
  • yes
  • no
Enable/Disable NIS for user information by default
enableldapauth no
  • yes
  • no
Enable/Disable LDAP for authentication by default
enableldap no
  • yes
  • no
Enable/Disable LDAP for user information by default
enablereqother no
  • yes
  • no
Require at least one other character/Do not require other characters in a password
winbindtemplatehomedir no Specify the directory which winbind-created users will have as home directories
enablemkhomedir no
  • yes
  • no
Create/Don't create home directories for users on their first login
nisdomain no Specify default NIS domain
passmaxclassrepeat no Specify maximum number of consecutive characters of same class in a password
enableipav2nontp no
  • yes
  • no
Setup/Do not setup the NTP against the IPAv2 domain
winbindtemplateprimarygroup no Specify the group which winbind-created users will have as their primary group
enableldaptls no
  • yes
  • no
Enable/Disable use of TLS with LDAP (RFC-2830)
smartcardaction no
  • Lock
  • Ignore
Specify action to be taken on smart card removal
enablemd5 no
  • yes
  • no
Enable/Disable MD5 passwords by default
passminclass no Specify minimum number of character classes in a password
winbindseparator no Specify the character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enabled
enableecryptfs no
  • yes
  • no
Enable/Disable automatic per-user ecryptfs
nisserver no
  • descrypt
  • bigcrypt
  • md5
  • sha256
  • sha512
Specify default NIS server

Examples

# Configure LDAP
- authconfig: enableldap=yes enableldapauth=yes enableldaptls=no
              ldapserver=ldap://127.0.0.1/ ldapbasedn=dc=example,dc=com
# Enable cache (nscd) but don't start nscd daemon
- authconfig: enablecache=yes nostart=yes
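
A hardened variant of the LDAP example, added here and not part of the module's own documentation: it turns on TLS for LDAP, pins the password hash to sha512, sets password-quality rules, and checks the module's new_settings_lines return value. The LDAP URI, CA certificate URL and numeric thresholds are placeholder assumptions; the parameter names come from the options table above.

```yaml
# hardened-auth.yml (added example; hostnames, URLs and thresholds are placeholders)
- hosts: default
  become: true
  roles:
    # Makes the authconfig module available to the tasks below.
    - koichirok.authconfig-module
  tasks:
    - name: Use LDAP for user information and authentication, with TLS
      authconfig:
        enableldap: "yes"
        enableldapauth: "yes"
        # With enableldaptls=no, binds to an ldap:// server travel unencrypted.
        enableldaptls: "yes"
        ldapserver: ldap://ldap.example.com/
        ldapbasedn: dc=example,dc=com
        # CA that issued the LDAP server certificate (placeholder URL).
        ldaploadcacert: https://pki.example.com/ca.pem
      register: ldap_auth

    - name: Hash new passwords with sha512 and store them in shadow
      authconfig:
        passalgo: sha512
        enableshadow: "yes"

    - name: Enforce password quality rules (thresholds are assumptions)
      authconfig:
        passminlen: 12
        passminclass: 3
        passmaxrepeat: 3
        enablereqlower: "yes"
        enablerequpper: "yes"
        enablereqdigit: "yes"
        enablereqother: "yes"

    # new_settings_lines is only returned outside check mode (see Return Values).
    - name: Confirm authconfig reports LDAP as enabled
      assert:
        that:
          - "'nss_ldap is enabled' in ldap_auth.new_settings_lines"
      when: not ansible_check_mode
```

The yes/no values are quoted so they reach the module as the literal choices listed in the options table.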

Return Values

name description returned type sample
new_settings_lines when new_settings when not check_mode list ['caching is disabled', 'nss_files is always enabled', 'nss_compat is disabled', 'nss_db is disabled', 'nss_hesiod is disabled', ' hesiod LHS = ""', ' hesiod RHS = ""', 'nss_ldap is enabled', '...']
new_settings 'authconfig --test' output when not check_mode string caching is disabled nss_files is always enabled nss_compat is disabled nss_db is disabled nss_hesiod is disabled hesiod LHS = "" hesiod RHS = "" nss_ldap is enabled ...

Notes

  • THIS IS EARLY PREVIEW, THINGS MAY CHANGE

  • Since changed behavior depends on authconfig --test

License

GPLv3