2a17cd18cd
This patch allows deployers to optionally disable accounts that have expired passwords. This can be disruptive in some environments and that is noted in the documentation. Implements: blueprint security-rhel7-stig Change-Id: I25233162900786fe100edd09d055b47025830b8c
437 B
437 B
---id: RHEL-07-010280 status: opt-in tag: auth ---
The STIG requires that user accounts are disabled when their password expires. This might be disruptive for some users or for automated processes. Therefore, the tasks in the security role do not apply this change by default.
Deployers can opt in for this change by setting the following Ansible variable:
security_disable_account_if_password_expires: yes