diff --git a/tasks/rhel7stig/accounts.yml b/tasks/rhel7stig/accounts.yml
index d66758c5..0a4d045b 100644
--- a/tasks/rhel7stig/accounts.yml
+++ b/tasks/rhel7stig/accounts.yml
@@ -79,11 +79,15 @@
     - medium
     - V-71923
 
+# NOTE(mhayden): The "is mapping" check is required below because some users
+# may be attached to a Kerberos realm and they may not have shadow data on the
+# system. See bug 1659232 for more details.
 - name: Set minimum password lifetime limit to 24 hours for interactive accounts
   shell: "chage -m 1 {{ item.name }}"
   when:
+    - item.shadow is mapping
     - item.shadow.min_days != 1
-    - security_set_minimum_password_lifetime
+    - security_set_minimum_password_lifetime | bool
   with_items:
     - "{{ interactive_user_list.users }}"
   tags:
@@ -91,11 +95,15 @@
     - medium
     - V-71927
 
+# NOTE(mhayden): The "is mapping" check is required below because some users
+# may be attached to a Kerberos realm and they may not have shadow data on the
+# system. See bug 1659232 for more details.
 - name: Set maximum password lifetime limit to 60 days for interactive accounts
   shell: "chage -M 60 {{ item.name }}"
   when:
+    - item.shadow is mapping
     - item.shadow.max_days > 60
-    - security_set_maximum_password_lifetime
+    - security_set_maximum_password_lifetime | bool
   with_items:
     - "{{ interactive_user_list.users }}"
   tags:
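Review bot: The condition `item.shadow.min_days != 1` on the new side also fires for accounts that already have a stricter minimum (a site policy of 7 days, for example) and resets them down to 1, which loosens an existing control; V-71923 only requires at least 24 hours, so `- item.shadow.min_days < 1` remediates the same non-compliant accounts without weakening compliant ones. The new `item.shadow is mapping` guard skips any account without shadow data silently, so if the user list can also contain a local account whose shadow lookup failed for a reason other than a Kerberos realm, that account's non-compliance would go unreported; a follow-up `debug` task listing the skipped names would make the exemption visible in the run output. Separately, `chage -m 1 {{ item.name }}` needs no shell, and `command: "chage -m 1 {{ item.name | quote }}"` avoids interpolating a username into a shell line unquoted. The task continues past the hunk (the tags list).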
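Review bot: `item.shadow.max_days > 60` does not cover accounts whose password aging has been disabled outright (`chage -M -1`, which blanks the field in /etc/shadow): depending on how `interactive_user_list` reports that field, a `-1` is simply treated as compliant, and a `None`/empty value would make the comparison itself raise in the template engine rather than skip the item. V-71927 expects a 60-day maximum on every interactive account, so a guard such as `- item.shadow.max_days is not number or item.shadow.max_days < 1 or item.shadow.max_days > 60` in place of the current comparison would remediate those accounts too; the exact representation of a blank field is not visible here and should be checked against the module. The task body continues outside the hunk.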