---

- name: Check if authconfig needs to update pam config
  command: "grep -c -P '^auth\\s+sufficient\\s+pam_sss.so' /etc/pam.d/system-auth"
  register: ad_authconfig_done
  changed_when: False
  failed_when: False
  tags: auth

- name: Configure the PAM stack
  command: authconfig --enablesssd --enablesssdauth --enablemkhomedir --update
  when: ad_authconfig_done.stdout | int < 1
  tags: auth