base / crypto-policies: move fedora instances back to DEFAULT
We changed this to DEFAULT:FEDORA32 a while back because the certs for the old totpcgi sudo needed it to work. Now thats all gone and we are 100% on ipa and sssd, this should no longer be needed. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
parent
b86863676e
commit
92867b50a2
1 changed files with 3 additions and 3 deletions
|
|
@ -18,9 +18,9 @@
|
||||||
- crypto-policies
|
- crypto-policies
|
||||||
- base/crypto-policies
|
- base/crypto-policies
|
||||||
|
|
||||||
- name: Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work
|
- name: Set crypto-policy on fedora 33 and higher hosts back to default
|
||||||
command: "update-crypto-policies --set DEFAULT:FEDORA32"
|
command: "update-crypto-policies --set DEFAULT"
|
||||||
when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT:FEDORA32') == -1 or cryptopolicyapplied.rc != 0)"
|
when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT') == -1 or cryptopolicyapplied.rc != 0)"
|
||||||
check_mode: no
|
check_mode: no
|
||||||
tags:
|
tags:
|
||||||
- crypto-policies
|
- crypto-policies
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue