Closed anders-larsson closed 1 year ago
I'm not sure what the future for managing system authentication stuff for EL8+ is since it seems like Red Hat is moving towards using authselect
to manage these components. It does not appear to exist a module to handle authselect right now though.
Welcome to add pdk support though in its own PR please.
@anders-larsson Merged the PDK PR. Could you please rebase this.
Question: Should we manage the files in /etc/authselect instead of the files in /etc/pam.d directly?
Diffs (between original file and the one managed by Puppet:
# diff /etc/authselect/password-auth /etc/pam.d/password-auth
1,3c1,4
< # Generated by authselect on Wed May 4 08:21:34 2022
< # Do not modify this file manually.
<
---
> # This file is being maintained by Puppet.
> # DO NOT EDIT
> #
> # Auth
12a14
> # Account
18a21
> # Password
23a27
> # Session
# diff /etc/authselect/system-auth /etc/pam.d/system-auth
1,3c1,3
< # Generated by authselect on Wed May 4 08:21:34 2022
< # Do not modify this file manually.
<
---
> # This file is being maintained by Puppet.
> # DO NOT EDIT
> # Auth
12a13
> # Account
18a20
> # Password
23a26
> # Session
Hey @anders-larsson check out diff -Naur
which is easier to read. It seems like the only difference are the comments.
Thanks. Yes. The only difference between the files are the comments :)
I do not have any suggestions for authselect vs pam.d... you want me to go ahead and merge this?
Sounds OK to me.
@ghoneycutt What is left to do before this change can be merged?
Any chance this will get merged? Trying to roll out Rocky 9.1 with this module.
I have rebased this in #256
Adds support for EL9-based operating systems.
Would it be OK to convert the module to use PDK to make spec testing easier?
RHEL9 is currently in beta and centos9 container does not exist AFAIK.