From e737cb96613dd4f8ef5db35d2d6f041a2e1ea38c Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 15 May 2017 18:19:43 +0200
Subject: [PATCH] library/roles/sshd_config/defaults/main.yml: Change the
 default for 'use pam' to yes. It breaks too many things otherwise.

---
 sshd_config/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sshd_config/defaults/main.yml b/sshd_config/defaults/main.yml
index 1e7779d..85ca47d 100644
--- a/sshd_config/defaults/main.yml
+++ b/sshd_config/defaults/main.yml
@@ -11,7 +11,7 @@ sshd_permit_empty_passwords: "no"
 sshd_permit_root_login: "without-password"
 sshd_strict_mode: "yes"
 # If set to no, the locked users cannot log in. adduser creates the users that have no password as locked
-sshd_use_pam: "no"
+sshd_use_pam: "yes"
 # set to "yes" only if you are using s/key or something equivalent
 sshd_challenge_response_authentication: "no"
 sshd_enable_sftp_subsystem: True