
Several tasks in the auth.yml file were actually more closely related to accounts rather than authentication. This patch moves tasks from the auth.yml into accounts.yml and adjusts the docs to match. This should alleviate confusion and allow deployers to fine-tune their Ansible playbook runs.

Change-Id: I962014ba9022dd256dc04da6b4ac0860797fbc24
---id: V-71933 status: opt-in tag: accounts ---
Although the STIG requires that five passwords are remembered to prevent re-use, this can cause issues in production environment if the change is not communicated well to users. Therefore, the tasks in the security role do not apply this change by default.
Deployers can opt in for the change and specify a number of passwords to remember by setting the following Ansible variable:
security_password_remember_password: 5
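Review bot: the closing paragraph introduces `security_password_remember_password` without saying what the variable holds when a deployer leaves it alone, so "opt-in" could mean undefined, empty or zero and the reader cannot tell which from this page. Suggest stating the default right next to the example line. The same paragraph warns that the change "can cause issues" in production but does not say what a user would actually see, so one sentence describing the symptom would give deployers something concrete to communicate. The variable name also repeats "password"; if it is not already fixed elsewhere in the role, a shorter name would be less error-prone in a vars file.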