---
id: V-71947
status: exception - manual intervention
tag: auth
---

The STIG requires all users to authenticate when using ``sudo``, but this
change can be highly disruptive for automated scripts or applications that
cannot perform interactive authentication. Automated edits from Ansible tasks
might cause authentication disruptions on some hosts, and deployers are urged
to carefully review each use of the ``NOPASSWD`` directive in their ``sudo``
configuration files.

Deployers can opt-out of this change by setting an Ansible variable:

.. code-block:: yaml

    security_sudoers_nopasswd_check_enable: no