os-hardening: Pam config does not allow password changes and auto home dir creation on AD joined RHEL 8 #575

Open
mwester117 opened this issue Sep 7, 2022 · 1 comment
@mwester117

Describe the bug
If you use the os-hardening role on a RHEL 8 OS, it disables the authconfig PAM settings and enables your config. If the server is AD-joined, it is no longer possible to change the password of the AD user with passwd.

If I add the following line on top of the password entries in /etc/pam.d/system-auth-local the password change is working again:
password requisite pam_pwquality.so local_users_only

The next bug is that the pam_oddjob_mkhomedir.so is missing in your session config in /etc/pam.d/system-auth-local.
So if you first log in with an AD account, it should create the home directory of the user. With your config the home directory is not created because of the missing pam_oddjob_mkhomedir.so line.

Expected behavior
Password changes for AD users with passwd should work.
Home directories of AD users should be created automatically.

Actual behavior

$ passwd
Changing password for user XXXXXXXX.
Current Password:
passwd: Authentication token manipulation error

Example Playbook

Every playbook which runs the os-hardening role with default parameters on an AD joined RHEL 8 server

OS / Environment

RHEL 8 joined to AD

Ansible Version

2.13

Role Version

8.1
@rndmh3ro rndmh3ro added the bug label Jan 23, 2023
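
Added example, not part of the issue or of the os-hardening role: a small Python check for the two entries the report above names, a leading "password requisite pam_pwquality.so local_users_only" line and a session entry for pam_oddjob_mkhomedir.so. The BEFORE and AFTER stacks are constructed samples, not the role's template, and the function names are hypothetical.

```python
import re

# One PAM entry: type, control (keyword or [bracketed]), module, optional arguments.
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_pam(text):
    """Return (type, control, module basename, args) tuples in file order."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            mtype, control, module, args = m.groups()
            entries.append((mtype, control, module.rsplit("/", 1)[-1], args.split()))
    return entries


def check_stack(text):
    """Return findings for the two entries from the issue; [] means both are present."""
    entries = parse_pam(text)
    findings = []
    passwords = [e for e in entries if e[0] == "password"]
    first = passwords[0] if passwords else None
    if not (first and first[2] == "pam_pwquality.so" and "local_users_only" in first[3]):
        findings.append("password: first entry is not pam_pwquality.so local_users_only")
    if not any(e[0] == "session" and e[2] == "pam_oddjob_mkhomedir.so" for e in entries):
        findings.append("session: pam_oddjob_mkhomedir.so is missing")
    return findings


# Constructed sample stack (an assumption, NOT the role's actual template).
BEFORE = """\
auth      required    pam_env.so
auth      sufficient  pam_unix.so try_first_pass
auth      sufficient  pam_sss.so use_first_pass
password  requisite   pam_pwquality.so try_first_pass retry=3
password  sufficient  pam_unix.so sha512 shadow use_authtok
password  sufficient  pam_sss.so use_authtok
password  required    pam_deny.so
session   required    pam_limits.so
session   required    pam_unix.so
session   optional    pam_sss.so
"""
# PAM orders entries per type, so the prepended line is first in the password stack.
AFTER = ("password  requisite  pam_pwquality.so local_users_only\n" + BEFORE
         + "session   optional   pam_oddjob_mkhomedir.so\n")

if __name__ == "__main__":
    for name, stack in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, check_stack(stack) or "ok")
```

To check a host, pass the contents of /etc/pam.d/system-auth-local to check_stack.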
@BlamKiwi

I know this is old, but I'm +1-ing this.

Related request:
#753
