On 5/4/22 17:57, 'Christian Schoepplein' via Ansible Project wrote:
> I am using a slightly adapted role taken from
> <https://github.com/1it/ansible-role-users> to manage our users on our
> servers.
>
> This is working fine so far but one little thing I can't get to work.
> I want to force newly created users to change their password when they login
> for the first time. For that reason I need to know which user is new on a
> system.

Sorry, two answers you probably don't want to read:

1. While I really like Ansible to achieve many tasks I don't consider it
   to be a decent IAM system. An Ansible-based solution lacks important
   features like enforcing uniqueness on IDs, secure password reset
   process, etc. You should rather consider setting up a decent IAM.

2. Enforcing password reset after first login does not work well in a
   pure server environment. This mech is designed for workstation logins
   after initial password reset. I'd recommend implementing a better
   password reset process which avoids this.

Ciao, Michael.