base: try changing f33 crypto-policies to a less open version to get 2fa working

LEGACY allows all kinds of old junk, lets try and just enable the things that FEDORA32 allowed. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-11-03 14:10:39 -08:00 · 2020-11-03 14:10:39 -08:00 · e5606578de
commit e5606578de
parent 6de5698aa6
2 changed files with 2 additions and 3 deletions
--- a/roles/base/tasks/crypto-policies.yml
+++ b/roles/base/tasks/crypto-policies.yml
@ -17,8 +17,8 @@
  - base/crypto-policies

 - name: Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work
-  command: "update-crypto-policies --set LEGACY"
-  when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('LEGACY') == -1 or cryptopolicyapplied.rc != 0)"
+  command: "update-crypto-policies --set DEFAULT:FEDORA32"
+  when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT:FEDORA32') == -1 or cryptopolicyapplied.rc != 0)"
  tags:
  - crypto-policies
  - base/crypto-policies
--- a/roles/base/templates/crypto-policies-config
+++ b/roles/base/templates/crypto-policies-config
@ -1 +0,0 @@
-LEGACY