You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The parameter os_auth_pw_remember has no effect on Ubuntu/Debian as far as I can tell, but this is not documented anywhere.
Expected behavior
os_auth_pw_remember should control how many old passwords are recorded and should prevent re-use of these passwords on all supported operating systems. This setting is required for compliance with various standards.
Actual behavior
Nothing happens.
Example Playbook
- hosts: all
collections:
- devsec.hardening
roles:
- devsec.hardening.os_hardening
- devsec.hardening.ssh_hardening
vars:
os_auth_pw_max_age: 90
os_auth_pw_min_age: 7
os_auth_pw_warn_age: 28 # This is a parameter I added to my fork
os_auth_retries: 5
os_auth_lockout_time: 1800
os_auth_pw_remember: 10
os_auth_pam_sssd_enable: false
os_auth_pam_passwdqc_enable: true
os_auth_pam_passwdqc_options: 'min=disabled,disabled,disabled,16,15 max=255' # Ubuntu
os_auth_pam_pwquality_options: 'min=disabled,disabled,disabled,16,15 max=255' # RHEL
os_auth_timeout: 60
sftp_enabled: true
ssh_permit_tunnel: true
ssh_allow_tcp_forwarding: 'yes'
ssh_allow_agent_forwarding: true
ssh_client_alive_interval: 300
ssh_print_debian_banner: false
ssh_print_motd: false
ssh_print_pam_motd: true
ssh_print_last_log: true
Describe the bug
The parameter os_auth_pw_remember has no effect on Ubuntu/Debian as far as I can tell, but this is not documented anywhere.
Expected behavior
os_auth_pw_remember should control how many old passwords are recorded and should prevent re-use of these passwords on all supported operating systems. This setting is required for compliance with various standards.
Actual behavior
Example Playbook
OS / Environment
Ubuntu 20.04.4 LTS
Ansible Version
Role Version
Additional context
Preventing password re-use is required for compliance with various standards, e.g. PCI DSS v3.2.1.
The text was updated successfully, but these errors were encountered: