0eef112699
This patch refactors the login.defs adjustments into a single task that loops over a variable. It also adds tasks for RHEL-07-010200, RHEL-07-010420, and RHEL-07-020230. Documentation is included. Implements: blueprint security-rhel7-stig Change-Id: I7c1f869d87338547da8943d5aa506ceb871cee68
641 B
641 B
---id: RHEL-07-010180 status: implemented tag: auth ---
The default password storage mechanism for Ubuntu 16.04, CentOS 7,
and Red Hat Enterprise Linux 7 is SHA512 and the tasks in
the security role ensure that the default is maintained.
Deployers can configure a different password storage mechanism by setting the following Ansible variable:
security_password_encrypt_method: SHA512Warning
SHA512 is the default on most modern Linux distributions and it meets the requirement of the STIG. Do not change the value unless a system has a specific need for a different password mechanism.