search

eyespies / system_core

Configuration of base / core services for Linux systems in order to enforce standards based OS setup
Apache License 2.0
0 stars 0 forks source link

dev-sec Breaks IPA Installations #2

Closed eyespies closed 6 years ago

eyespies commented 6 years ago

Cookbook version

  "recipes": {
  },
  "version": "1.2.0",
  "source_url": "https://github.com/eyespies/system_core",
  "issues_url": "https://github.com/eyespies/system_core/issues",
  "privacy": false,
  "chef_versions": [
    [
      ">= 12"
    ]
  ],
  "ohai_versions": [

Chef-client version

[root@hostname pam.d] :) chef-client --version
Chef: 13.4.24

Platform Details

KVM Oracle Linux 6.9

Scenario:

Attempting to use sudo su - when the system is tied in to a FreeIPA server results in password failures.

[jspies@hostname ~] :( sudo su -
[sudo] password for jspies: 
Sorry, try again.
[sudo] password for jspies: 
Sorry, try again.
[sudo] password for jspies: 
sudo: 2 incorrect password attempts

Steps to Reproduce:

Setup a server Register said server with FreeIPA Login as a normal user with sudo privileges in FreeIPA Attempt to sudo su -

Expected Result:

I should change to the root user

Actual Result:

I receive password failure messages

eyespies commented 6 years ago

This has been tracked down to an issue in the upstream linux-dev-sec Chef cookbook and will need to be addressed there by allowing this cookbook to override the template file used to build /etc/pam.d/system-auth-ac