search

ghoneycutt / puppet-module-pam

Puppet module to manage PAM
Other
18 stars 79 forks source link

Add support for EL9 #242

Closed anders-larsson closed 1 year ago

anders-larsson commented 2 years ago

Adds support for EL9-based operating systems.

Would it be OK to convert the module to use PDK to make spec testing easier?

RHEL9 is currently in beta and centos9 container does not exist AFAIK.

anders-larsson commented 2 years ago

I'm not sure what the future for managing system authentication stuff for EL8+ is since it seems like Red Hat is moving towards using authselect to manage these components. It does not appear to exist a module to handle authselect right now though.

ghoneycutt commented 2 years ago

Welcome to add pdk support though in its own PR please.

ghoneycutt commented 2 years ago

@anders-larsson Merged the PDK PR. Could you please rebase this.

anders-larsson commented 2 years ago

Question: Should we manage the files in /etc/authselect instead of the files in /etc/pam.d directly?

Diffs (between original file and the one managed by Puppet:


# diff /etc/authselect/password-auth /etc/pam.d/password-auth
1,3c1,4
< # Generated by authselect on Wed May  4 08:21:34 2022
< # Do not modify this file manually.
<
---
> # This file is being maintained by Puppet.
> # DO NOT EDIT
> #
> # Auth
12a14
> # Account
18a21
> # Password
23a27
> # Session
# diff /etc/authselect/system-auth /etc/pam.d/system-auth                                                                                                                                                            
1,3c1,3
< # Generated by authselect on Wed May  4 08:21:34 2022
< # Do not modify this file manually.
<
---
> # This file is being maintained by Puppet.
> # DO NOT EDIT
> # Auth
12a13
> # Account
18a20
> # Password
23a26
> # Session
ghoneycutt commented 2 years ago

Hey @anders-larsson check out diff -Naur which is easier to read. It seems like the only difference are the comments.

anders-larsson commented 2 years ago

Thanks. Yes. The only difference between the files are the comments :)

ghoneycutt commented 2 years ago

I do not have any suggestions for authselect vs pam.d... you want me to go ahead and merge this?

anders-larsson commented 2 years ago

Sounds OK to me.

anders-larsson commented 2 years ago

@ghoneycutt What is left to do before this change can be merged?

iuriss commented 1 year ago

Any chance this will get merged? Trying to roll out Rocky 9.1 with this module.

ghoneycutt commented 1 year ago

I have rebased this in #256