From 8d48d2da06215acd2be8e9e3f2faea1a019eae48 Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Wed, 14 Oct 2020 21:10:20 -0400
Subject: [PATCH] Update default_vars.yml

---
 vars/default_vars.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/vars/default_vars.yml b/vars/default_vars.yml
index 7b626095e..d0873755a 100644
--- a/vars/default_vars.yml
+++ b/vars/default_vars.yml
@@ -50,19 +50,19 @@ language_priority: en es fr
 # Real-time clock: set RTC chip family here.  Future auto-detection plausible?
 # rtc_id: ds3231
 
-# Please read more about the 'iiab-admin' Linux user and group, which allow
-# you to log in to IIAB's Admin Console (http://box.lan/admin):
+# Please read more about the 'iiab-admin' Linux user, for login to IIAB's
+# Admin Console (http://box.lan/admin) AND to help you at the command-line:
 # https://github.com/iiab/iiab/tree/master/roles/iiab-admin
 # https://github.com/iiab/iiab-admin-console/blob/master/Authentication.md
+#
+iiab_admin_user: iiab-admin    # Some prefer to reuse 'pi' or 'ubuntu' etc.
 # Set iiab_admin_user_install: False if you don't want iiab_admin_user auto-
-# created e.g. by IIAB's 1-line installer and roles/iiab-admin/tasks/main.yml
+# configured e.g. by IIAB's 1-line installer & roles/iiab-admin/tasks/main.yml
 iiab_admin_user_install: True
-# If iiab_admin_user_install: False, set iiab_admin_user to an existing Linux
-# user that's a member of group sudo (or group below?) for Admin Console login:
-iiab_admin_user: iiab-admin
-iiab_admin_user_group: iiab-admin    # 2020-10-13: Coming Soon?
-iiab_admin_published_pwd: g0adm1n    # For live checks/alerts of published pwds
-# Password hash to override above, if Ansible creates above user:
+iiab_admin_can_sudo: True    # For /usr/bin/iiab-* support commands.  Optional.
+iiab_admin_published_pwd: g0adm1n    # Default password.  For pwd warnings too.
+
+# DEPRECATED - Password hash to override above, if Ansible creates above user:
 iiab_admin_pwd_hash: $6$xsce51$D.IrrEeLBYIuJkGDmi27pZUGOwPFp98qpl3hxMwWV4hXigFGmdSvy3s/j7tn6OnyTTLmlV7SsN0lCUAFzxSop.
 # Obtain a password hash - NEW MORE SECURE WAY:
 #    python3 -c 'import crypt; print(crypt.crypt("<plaintext>", crypt.mksalt(crypt.METHOD_SHA512)))'