Hey guys,

David Lutterkort wrote:
> If you have Augeas 0.4.1 on both the puppet client and master (count was
> only added in 0.4.1) this should work. Bryan, any ideas what could be
> wrong ?

Just a follow-up and warning: if you try this on an older version of augeas (0.3.5 in my case), it tends to erase the contents of all the files. Here is my pam class:

    #
    # Module: pam
    #
    class pam {
        augeas { "pam_set_cracklib":
            context => "/files/etc/pam.d/system-auth",
            changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
                "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
                "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
                "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
                "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
                "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
            onlyif => "get *[module='pam_cracklib.so'][type='password']/argument[1] != retry=3",
        }

        augeas { "pam_set_unix":
            context => "/files/etc/pam.d/system-auth",
            changes => [ "rm *[module='pam_unix.so'][type='password']/argument",
                "set *[module='pam_unix.so'][type='password']/argument[1] md5",
                "set *[module='pam_unix.so'][type='password']/argument[2] shadow",
                "set *[module='pam_unix.so'][type='password']/argument[3] try_first_pass",
                "set *[module='pam_unix.so'][type='password']/argument[4] use_authtok",
                "set *[module='pam_unix.so'][type='password']/argument[5] remember=7",
                ],
            onlyif => "get *[module='pam_unix.so'][type='password']/argument[1] != md5",
        }

    #    augeas { "pam_set_su_wheel":
    #        context => "/files/etc/pam.d/su",
    #        changes => [ "ins 1000 after *[type='auth'][module='pam_rootok.so']",
    #            "set 1000/type auth",
    #            "set 1000/control required",
    #            "set 1000/module pam_wheel.so" ],
    #        onlyif => "match *[type='auth'][control='required'][module='pam_wheel.so'] size == 0",
    #    }

        augeas { "pam_remove_console":
            context => "/files/etc/pam.d/",
            changes => "rm */*[module='pam_console.so']",
            onlyif => "match */*[module='pam_console.so'] size > 0",
        }

        augeas { "pam_remove_rhosts_auth":
            context => "/files/etc/pam.d",
            changes => "rm */*[module='pam_rhosts_auth.so']",
            onlyif => "match */*[module='pam_rhosts_auth.so'] size > 0",
        }
    }

When this ran on a machine that had augeas-libs 0.3.5, it erased the contents of all the files in /etc/pam.d. That was fun to fix, especially as this happened to the puppet master itself.

I'm not sure exactly which one of these caused the problem. I wasn't about to do detailed troubleshooting, because I needed to get my puppet master allowing logins. :)

Anyway, just thought I'd let you all know.

cYa,
Avi
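
The failure reported above (an Augeas older than 0.4.1 leaving every file in /etc/pam.d empty) can be gated and detected from a wrapper script. The following is an added example, not part of the original message or of Puppet/Augeas; the function names are hypothetical, and the version string is assumed to come from the caller (for instance an RPM query of augeas-libs).

```shell
#!/bin/sh
# Added example (not from the thread): gate and verify Augeas edits of a PAM dir.
MIN_AUGEAS="0.4.1"   # version the thread names as working

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# emptied_files DIR BACKUP: print files that had content in BACKUP but are
# now empty or missing in DIR (the failure mode reported in the thread).
emptied_files() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        n=${f##*/}
        if [ -s "$f" ] && [ ! -s "$1/$n" ]; then echo "$n"; fi
    done
}

# guarded_apply VERSION DIR CMD...: refuse on old Augeas (exit 2); otherwise
# snapshot DIR, run CMD, and restore any file CMD left empty (exit 3).
# VERSION is caller-supplied, e.g. from: rpm -q --qf '%{VERSION}' augeas-libs
guarded_apply() {
    ver=$1; dir=$2; shift 2
    if ! version_ge "$ver" "$MIN_AUGEAS"; then
        echo "augeas $ver < $MIN_AUGEAS: refusing to touch $dir" >&2
        return 2
    fi
    bak=$(mktemp -d) || return 1
    cp -pR "$dir"/. "$bak"/ || return 1
    rc=0
    "$@" || rc=$?
    lost=$(emptied_files "$dir" "$bak")
    if [ -n "$lost" ]; then
        # PAM file names contain no whitespace, so word splitting is safe here.
        for n in $lost; do cp -p "$bak/$n" "$dir/$n"; done
        echo "restored emptied files from $bak:" $lost >&2
        return 3
    fi
    rm -rf "$bak"
    return "$rc"
}
```

When files had to be restored, the snapshot directory is kept so the emptied state can be compared against it afterwards.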