From 5a9e85947dff4951c1b70e04d95c4bf9ab585d3c Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Sat, 20 May 2017 16:25:54 +0200
Subject: [PATCH] ad-auth: do not deploy mkhomedir on clients

---
 ad-auth/tasks/pam.yml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/ad-auth/tasks/pam.yml b/ad-auth/tasks/pam.yml
index c51e6ef..69cd4a9 100644
--- a/ad-auth/tasks/pam.yml
+++ b/ad-auth/tasks/pam.yml
@@ -1,11 +1,17 @@
 ---
 # file: roles/ad-auth/tasks/pam.yml
 
-- name: ensure our pam-configs are deployed
-  copy: src=pam/{{ item }} dest=/usr/share/pam-configs/{{ item }} owner=root group=root mode=0644
-  with_items:
-    - mkhomedir
-    - umask
+- name: ensure pam applies a general umask
+  copy: src=pam/umask dest=/usr/share/pam-configs/umask owner=root group=root mode=0644
+  notify:
+    - regenerate pam config
+  tags:
+    - pam 
+    - config
+
+- name: ensure pam creates a home dir if necessary
+  copy: src=pam/mkhomedir dest=/usr/share/pam-configs/mkhomedir owner=root group=root mode=0644
+  when: "'clients' not in group_names"
   notify:
     - regenerate pam config
   tags:
-- 
GitLab