Ed wrote:
I'm trying to change the password complexity requirements in
pam.d/system-auth using augeas. I can append the values (lcredit=-1,
ucredit=-1, etc) onto the correct place, but if another value is
already present (i.e. lcredit=-2), the onlyif match statement doesn't
seem to support checking regular expressions inside of strings. How do
I check that any numeric value exists in the argument??

define passwordcomplexity($lowercase = "1", $uppercase = "1",
                          $numeric = "1", $special = "1") {
    augeas { "add_lowercase_reqs" :
        context => "/files/etc/pam.d",
        changes => "set system-auth/*[module='pam_cracklib.so']/argument[last()+1] lcredit=-$lowercase",
        onlyif  => "match system-auth/*[argument='lcredit=*'] size == 0",
    }
    augeas { "add_uppercase_reqs" :
        context => "/files/etc/pam.d",
        changes => "set system-auth/*[module='pam_cracklib.so']/argument[last()+1] ucredit=-$uppercase",
        onlyif  => "match system-auth/*[argument='ucredit=*'] size == 0",
    }
    augeas { "add_numeric_reqs" :
        context => "/files/etc/pam.d",
        changes => "set system-auth/*[module='pam_cracklib.so']/argument[last()+1] dcredit=-$numeric",
        onlyif  => "match system-auth/*[argument='dcredit=*'] size == 0",
    }
    augeas { "add_special_reqs" :
        context => "/files/etc/pam.d",
        changes => "set system-auth/*[module='pam_cracklib.so']/argument[last()+1] ocredit=-$special",
        onlyif  => "match system-auth/*[argument='ocredit=*'] size == 0",
    }
}

This will continuously append lcredit=-2, etc onto the end of the
line, without checking the values that currently exist:
----------------------------------------------------
password requisite pam_cracklib.so try_first_pass retry=3 maxrepeat=3 lcredit=-2 ocredit=-2 dcredit=-2 ucredit=-2 dcredit=-2 ocredit=-2 lcredit=-2 ucredit=-2
-----------------------------------------------------
~Ed

I created a ticket about a pam type nearly a year ago and hopefully I
can have a working type with the parsedfile provider sometime within the
next week (I should have a real-live day off Friday). I did do some
planning for type features while on a plane ride but ended up falling
asleep... so that's as far as I am right now. I'll post to the list once
I have something that resembles a working pam type.
--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
Boredom is counter-revolutionary
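
Added example, not part of either message and not Puppet or Augeas code: the idempotent update the define in the question is aiming for, sketched in Python. It matches a credit argument carrying any integer value, rewrites the first occurrence in place, drops repeats and appends only what is missing; the function names are this example's own, SAMPLE is the wrapped line from the post joined back together, and whitespace between fields is normalised to single spaces.

```python
import re

CREDITS = ("lcredit", "ucredit", "dcredit", "ocredit")
# Added example (names are its own): one credit argument with any integer value
CREDIT_RE = re.compile(r"^(lcredit|ucredit|dcredit|ocredit)=(-?\d+)$")

# Constructed sample: the wrapped pam_cracklib line from the post, joined.
SAMPLE = ("password requisite pam_cracklib.so try_first_pass retry=3 "
          "maxrepeat=3 lcredit=-2 ocredit=-2 dcredit=-2 ucredit=-2 "
          "dcredit=-2 ocredit=-2 lcredit=-2 ucredit=-2")

def set_credits(line, wanted):
    """Return line with every credit in `wanted` present exactly once."""
    fields = line.split()
    if "pam_cracklib.so" not in fields:
        return line  # not a pam_cracklib line: leave it alone
    out, seen = [], set()
    for field in fields:
        m = CREDIT_RE.match(field)
        if not m or m.group(1) not in wanted:
            out.append(field)  # unrelated argument, keep as is
        elif m.group(1) not in seen:
            seen.add(m.group(1))  # first occurrence: rewrite in place
            out.append(f"{m.group(1)}={wanted[m.group(1)]}")
        # any later occurrence is a repeat from an earlier append: dropped
    out += [f"{n}={wanted[n]}" for n in CREDITS if n in wanted and n not in seen]
    return " ".join(out)

def audit(line, wanted):
    """List credits that are missing, repeated or set to another value."""
    found = {}
    for field in line.split():
        m = CREDIT_RE.match(field)
        if m:
            found.setdefault(m.group(1), []).append(int(m.group(2)))
    findings = []
    for name, value in wanted.items():
        values = found.get(name, [])
        if not values:
            findings.append(f"{name}: missing")
        elif len(values) > 1:
            findings.append(f"{name}: repeated {values}")
        elif values[0] != value:
            findings.append(f"{name}: is {values[0]}, want {value}")
    return findings

if __name__ == "__main__":
    want = {"lcredit": -1, "ucredit": -1, "dcredit": -1, "ocredit": -1}
    print(audit(SAMPLE, want), set_credits(SAMPLE, want), sep="\n")
```

Running set_credits a second time on its own output returns the same line, which is the property the onlyif guard in the question was meant to provide.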