[Labs-l] PAM cleanup on Labs instances

Marc A. Pelletier marc at uberbox.org
Wed Dec 2 17:00:35 UTC 2015

Hello Labs,

Today, I've cleaned up and made sane the PAM configuration puppet places
on labs instances (by relying on the debian-provided facilities rather
than manual overrides).

However, instances using a self-hosted puppet master will not have
picked the change up.  This is essentially harmless in the short time
(since it maintains status-quo) but requires a brief intervention to
prevent your instances' configuration from diverging over time:

Once you have pulled the master changes to your puppet master (and ran
the agent on your instances), there will be a script
/usr/local/sbin/cleanup-pam-config that needs to be run once as root on
every instance; this restores the /etc/pam.d/ configuration to the
distribution default then uses the system pam-auth-update system to
apply the labs-specific settings the "right" way.

Thank you,

-- Marc

More information about the Labs-l mailing list