ansible-collection-hardening
"remove selinux-policy when Pam is used"
Tragic: https://github.com/dev-sec/ansible-ssh-hardening/blob/master/tasks/selinux.yml#L53-L57
Even after reading this I don't think I quite understand the problem here: https://danwalsh.livejournal.com/12333.html?mode=reply
Is there no way to configure pam_unix to skip the /etc/shadow read and just default to unix_chkpwd? Would that even solve?
(Sorry, this isn't a bug in ansible-ssh-hardening, this is a bug in [...])
By the way, Fedora fails hard when 'UsePAM no' is set; with:
WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems