Web lists-archives.com

Re: Using config management to automate pam-auth-update(8) change




Darren S. wrote:

> I know that when the proper configuration is triggered that the target
> files in /etc/pam.d/ are modified, but I can't figure out how to call
> into pam-auth-update from Ansible to set the profiles. I'd rather use
> the profile and avoid troublesome manual manipulation of the files
> under /etc/pam.d. So is there a way other than interactive execution
> of pam-auth-update to configure/activate the profiles as I'd like? Or
> put another way, what is the best/correct approach to achieving my
> goal?

I would say do whatever fits your needs best. There is often no correct
approach, but rather preferred.

I would just save the modified files to the ansible repository and copy them
over (perhaps let ansible make backup before copy), or alternatively use
diff and patch (assuming target files are default and same everywhere).

regards