From b562271aad536b56b8d88475caf573696637e7ff Mon Sep 17 00:00:00 2001
From: Christian Berendt
Date: Thu, 19 May 2016 07:37:38 +0200
Subject: [PATCH] Use fail module instead of debug module with failed_when
Change-Id: I6936ac260e98432cdd540163c15d4e1617e92f26
---
 tasks/auth.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tasks/auth.yml b/tasks/auth.yml
index 46a049c9..76455299 100644
--- a/tasks/auth.yml
+++ b/tasks/auth.yml
@@ -321,10 +321,9 @@
 # If SHA512 isn't in use for some reason, we should fail and display an error.
 - name: V-38576 - System must use FIPS 140-2 approved hashing algorithm for passwords (login.defs)
- debug:
+ fail:
 msg: "FAILED: Must use SHA512 for password hashing (in /etc/login.defs)"
 when: v38576_result.rc != 0
- failed_when: v38576_result.rc != 0
 tags:
 - auth
 - cat2
@@ -358,10 +357,9 @@
 # If libuser is installed *AND* it's using unacceptable password hashing
 # algorithms, throw an error and a failure.
 - name: V-38577 - System must use FIPS 140-2 approved hashing algorithm for passwords (libuser)
- debug:
+ fail:
 msg: "FAILED: libuser isn't configured to use SHA512 hashing for passwords"
 when: v38577_libuser_check.rc == 0 and v38577_result.rc != 0
- failed_when: v38577_libuser_check.rc == 0 and v38577_result.rc != 0
 tags:
 - auth
 - cat2
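Review bot: The `when:` guarding the new `fail:` task for V-38576 reads `v38576_result.rc` without first checking that the attribute exists. The task that registers `v38576_result` lies outside this hunk; if it is skipped (for instance under `--check`, assuming it is a command or shell check), the play would presumably stop on an undefined-attribute error instead of the intended STIG message, so I would write `when: v38576_result.rc is defined and v38576_result.rc != 0`. The V-38577 hunk has the same pattern with `v38577_result.rc`. Since a failed task by default ends the run for that host, a host that fails V-38576 never reaches the V-38577 check further down the file, which is worth stating in a comment above the task, e.g. `# Hard stop: remaining tasks are not run on this host until SHA512 hashing is configured.`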