From 92867b50a2760f6aec977bdbe19c7ebd1e29e854 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 6 Jun 2022 14:10:20 -0700
Subject: [PATCH] base / crypto-policies: move fedora instances back to DEFAULT

We changed this to DEFAULT:FEDORA32 a while back because the certs for
the old totpcgi sudo needed it to work. Now thats all gone and we are
100% on ipa and sssd, this should no longer be needed.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/base/tasks/crypto-policies.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/base/tasks/crypto-policies.yml b/roles/base/tasks/crypto-policies.yml
index 2a767193d6..c9390081be 100644
--- a/roles/base/tasks/crypto-policies.yml
+++ b/roles/base/tasks/crypto-policies.yml
@@ -18,9 +18,9 @@
   - crypto-policies
   - base/crypto-policies
 
-- name: Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work
-  command: "update-crypto-policies --set DEFAULT:FEDORA32"
-  when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT:FEDORA32') == -1 or cryptopolicyapplied.rc != 0)"
+- name: Set crypto-policy on fedora 33 and higher hosts back to default
+  command: "update-crypto-policies --set DEFAULT"
+  when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT') == -1 or cryptopolicyapplied.rc != 0)"
   check_mode: no
   tags:
   - crypto-policies