Diffusion Nasqueron Operations 7277030d10a6

Disable pam_nologin for SSH connections
7277030d10a6
Actions

Description

Disable pam_nologin for SSH connections

Summary:
systemd likes to touch /run/nologin to prevent SSH connections
while not fully initialized, a behavior frowned upon as there
isn't any warranty the file will be removed on system failure.

Furthermore, restrict non root login isn't a solution on servers
where root access isn't possible through SSH.

Fixes T1194.

Test Plan:
Running the state on Eglide, output was well the expected diff:

-account    required     pam_nologin.so
+#account    required     pam_nologin.so

Reviewers: Sandlayth

Reviewed By: Sandlayth

Maniphest Tasks: T1194

Differential Revision: https://devcentral.nasqueron.org/D975

Details

Provenance

dereckson	Authored on Apr 28 2017, 09:36
dereckson	Pushed on Apr 29 2017, 13:47

Reviewer

Sandlayth

Differential Revision

D975: Disable pam_nologin for SSH connections

Parents

rOPS0eb9553d61ee: Make Odderon account unit compatible with FreeBSD

Branches

Unknown

Tags

Unknown

Tasks

T1194: Disable pam_nologin on Eglide

Event Timeline

dereckson committed rOPS7277030d10a6: Disable pam_nologin for SSH connections (authored by dereckson).Apr 29 2017, 13:47

dereckson added a task: T1194: Disable pam_nologin on Eglide.

Changes (1)

Path

Size

	roles/	core/	sshd/
	roles/	shellserver/	odderon/

	init.sls
	account.sls

rOPS7277030d10a6

View Options