[Labs-l] PAM cleanup on Labs instances
Marc A. Pelletier
marc at uberbox.org
Wed Dec 2 17:00:35 UTC 2015
Hello Labs,
Today, I've cleaned up and made sane the PAM configuration puppet places
on labs instances (by relying on the debian-provided facilities rather
than manual overrides).
However, instances using a self-hosted puppet master will not have
picked the change up. This is essentially harmless in the short time
(since it maintains status-quo) but requires a brief intervention to
prevent your instances' configuration from diverging over time:
Once you have pulled the master changes to your puppet master (and ran
the agent on your instances), there will be a script
/usr/local/sbin/cleanup-pam-config that needs to be run once as root on
every instance; this restores the /etc/pam.d/ configuration to the
distribution default then uses the system pam-auth-update system to
apply the labs-specific settings the "right" way.
Thank you,
-- Marc
More information about the Labs-l
mailing list