-
Notifications
You must be signed in to change notification settings - Fork 729
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
restructure PAM handling and update for currently supported Linux distributions #392
Conversation
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
fixes #377 |
open: add faillock config for Debian based distros |
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
fixes #273 |
fixes #252 |
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
mabe this warants a major version increase? |
fixes #278 |
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
tested with current Fedora 33, it should work starting from Fedora 28 possibly earlier. But Ansible in this versions is no longer compatible with Collections. So I suppose this is ok. |
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@rndmh3ro I think we should proceed. I tested Logins in various forms and everything seems in order. Upgrading also works for Debian and in RHEL based disrtos. |
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
now also tested the role update from previous version on centos7 and centos8 |
restructure PAM handling and update for currently supported Linux distributions
The old handling of PAM was old and had some problems with current configurations.
This PR creates a completely new PAM configuration for RHEL distributions and adds faillock on RHEL and Debian. We still have no implementation for Arch and SuSE.
We now use a configuration that works with the automation tools from RedHat and the user can now run
authconfig
withour disabling our changes. We also offer the possibiltiy of enabling sssd authentication, that should cover many usecases.Testing is currently performed manually, since our CI does not contain testcases for PAM.
Test setup:
After applying these configuration we need to perform login tests via ssh and local login. These tests should cover root user and a normal user. We specially want to test lockout via faillock.
Tests performed: