From 19f0da5682636c75b4b9cd6c581a1f39c2967d9b Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de>
Date: Thu, 5 Nov 2020 20:45:51 +0100
Subject: [PATCH] Fix pam mkhomedir

The config file is provided by pam-modules, but with Default: no.
We need to call pam-auth-update to enable or disable it.
---
 ssh-server/handlers/main.yml |  5 -----
 ssh-server/tasks/main.yml    | 22 +++++++++++++---------
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/ssh-server/handlers/main.yml b/ssh-server/handlers/main.yml
index 9fc709c..d796ac6 100644
--- a/ssh-server/handlers/main.yml
+++ b/ssh-server/handlers/main.yml
@@ -4,8 +4,3 @@
   service:
     name: ssh
     state: restarted
-
-- name: regenerate pam config
-  command: pam-auth-update --force
-  environment:
-    DEBIAN_FRONTEND: noninteractive
diff --git a/ssh-server/tasks/main.yml b/ssh-server/tasks/main.yml
index 5ea696c..1cb722f 100644
--- a/ssh-server/tasks/main.yml
+++ b/ssh-server/tasks/main.yml
@@ -46,16 +46,20 @@
   tags:
     - ssh
 
-- name: ensure pam creates a home dir if necessary
-  copy:
-    src: pam/mkhomedir
-    dest: /usr/share/pam-configs/mkhomedir
-    owner: root
-    group: root
-    mode: '0644'
+- name: ensure pam creates a home directory
+  command: pam-auth-update --enable mkhomedir --force
+  environment:
+    DEBIAN_FRONTEND: noninteractive
   when: ssh_mkhomedir
-  notify:
-    - regenerate pam config
+  tags:
+    - ssh
+    - pam
+
+- name: ensure pam doesn't create a home directory
+  command: pam-auth-update --remove mkhomedir --force
+  environment:
+    DEBIAN_FRONTEND: noninteractive
+  when: not ssh_mkhomedir
   tags:
     - ssh
     - pam
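Review bot: Both new `command` tasks run `pam-auth-update … --force` on every play, whereas the removed handler only ran when the copy task notified it. As far as I know, `--force` makes pam-auth-update overwrite locally modified `/etc/pam.d/common-*` files, so any manual PAM hardening on a host would be silently reset on each run, and both tasks always report "changed". Consider guarding them on the current state, for example a preceding check task `command: grep -q pam_mkhomedir.so /etc/pam.d/common-session` with `register: mkhomedir_state`, `changed_when: false` and `failed_when: false`, then running the enable/remove tasks only when `mkhomedir_state.rc` disagrees with `ssh_mkhomedir`. Separately, the home-directory creation options (umask, skel) now come from the packaged profile instead of the role's own `pam/mkhomedir` file, so it is worth confirming that the packaged defaults give the permissions you expect on new home directories.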
-- 
GitLab