From d34a33b99625daf0cd71957d3b1f2cd4d981c459a871df197bda05e540c1337d Mon Sep 17 00:00:00 2001
From: Halfwalker <deano-gitea@areyes.com>
Date: Mon, 23 Dec 2024 08:03:18 -0700
Subject: Improve wording about nullok parameter

---
 defaults/main.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'defaults/main.yml')

diff --git a/defaults/main.yml b/defaults/main.yml
index 964d155..0eb2f7a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,9 +3,10 @@
 # User can be overridden by a vault variable or from hosts file entry or ansible cmdline
 username: "{{ vault_username | default(ansible_user_id) }}"
 
-# Set the nullok parameter for pam_google_authenticator.so in /etc/pam.d/sshd
-# When set, this allows password logins if no ~/.google_authenticator exists
-# If not set, then can NOT login until ~/.google_authenticator is created
+# This enables/disables adding the nullok parameter to the pam_google_authenticator.so
+# line in /etc/pam.d/sshd
+# When enabled, nullok allows password logins even if no ~/.google_authenticator exists
+# If false (no 'nullok' param), then users can NOT login until their ~/.google_authenticator is created
 google_auth_nullok: false
 
 # Use google authenticator config from vault if it's there
-- 
cgit v1.2.3