-
-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
problem adding two different pam entries for same module and type #106
Comments
This is a duplicate of #105 |
Is this really a duplicate issue? Definitely a different problem although I suppose the fix could apply to both issues. I tried the latest augeasproviders from git and these two entries overwrite each other even though they have a different key or path in terms of type/control/module. It seems like the unique identifier is being treated as the type/module and the control value is ignored? |
I know this was marked a duplicate of a now closed issue, so let me know if I should open a new issue. I tried out the latest augeasproviders (from Git earlier today as downloaded by puppet-librarian) and I am still seeing only one of the two entries I am trying to add with the pam provider using the following config. Is it possible the pam provider just doesn't let you have two entries with the same type and module (but a different control)?
I am getting one of the two entries like the following and it is at the end of the password-auth file.
If I comment out the first puppet "pam" and run again then it shows the other entry (see below). At one point I had the position attribute on the entry that wasn't showing up referencing a module/type combination that didn't exist so the entry was going to the end of the password-auth file and was being overwritten there by the entry that was actually showing up.
|
Indeed, |
Issue #114 deals with this now. |
In the scap-security-guide package for openscap they have a security recommendation to add the following two lines to /etc/pam.d/system-auth, after the pam_unix.so entry in the auth section:
I am able to get one entry or the other but I don't know how to craft a position path that will allow me to add both entries. Below is one of the things I have tried and the entries work individually but one overwrites the other if I use both. I know this is not an issue as much as a plea for help but if this is doable maybe it could make a nice example for the pam provider documentation.
The text was updated successfully, but these errors were encountered: