Help with pamd module

All,

I’m fairly new to ansible and have been following the ansible documentation but am having trouble with the pamd module and hope someone can help shed some light.

Here is my current task in my playbook:

  • name: “[RHEL-06-000060] - Update difok number in /etc/pam.d/system-auth”
    pamd:
    name: system-auth
    type: password
    control: required
    module_path: pam_cracklib.so
    module_arguments: ‘retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=8 maxrepeat=3’
    state: updated

What I am trying to do is just update the difok argument as the original setting in the file is difok=3. If I just change the module_arguments part to just say ‘difok=8’ and change the state to args_present, then it just appends to the end of the line and I have both a difok=3 and a difok=8. Is there a way to just use the module_argument section for only the one I want to change without having to list all of the arguments? I’m trying to avoid my playbook showing changed every time I run it.

Any help is appreciated.

Thanks
Robert

Simplify your task. Just create a well know template with your correct settings for the system-auth-ac file and then just copy it down. You don’t really care what is currently in it if you just copy a good known copy down. Or, you could run an command grep for difok on system-auth-ac and only copy if the value is different than 8.