f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
23 lines
678 B
ReStructuredText
23 lines
678 B
ReStructuredText
---
|
|
id: V-71921
|
|
status: implemented
|
|
tag: accounts
|
|
---
|
|
|
|
The default password storage mechanism for Ubuntu 16.04, CentOS 7, openSUSE Leap,
|
|
SUSE Linux Enterprise 12 and Red Hat Enterprise Linux 7 is ``SHA512`` and the tasks
|
|
in the security role ensure that the default is maintained.
|
|
|
|
Deployers can configure a different password storage mechanism by setting the
|
|
following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_password_encrypt_method: SHA512
|
|
|
|
.. warning::
|
|
|
|
SHA512 is the default on most modern Linux distributions and it meets the
|
|
requirement of the STIG. Do not change the value unless a system has
|
|
a specific need for a different password mechanism.
|