f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
20 lines
644 B
ReStructuredText
20 lines
644 B
ReStructuredText
---
|
|
id: V-71937
|
|
status: implemented
|
|
tag: auth
|
|
---
|
|
|
|
The Ansible tasks will ensure that PAM is configured to disallow logins from
|
|
accounts with null or blank passwords. This involves removing a single option
|
|
from one of the PAM configuration files:
|
|
|
|
* CentOS or RHEL: removes ``nullok`` from ``/etc/pam.d/system-auth``
|
|
* Ubuntu: removes ``nullok_secure`` from ``/etc/pam.d/common-auth``
|
|
* openSUSE Leap or SLE: remove ``nullok`` from ``/etc/pam.d/common-auth`` and ``/etc/pam.d/common-password``
|
|
|
|
Deployers can opt-out of this change by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_disallow_blank_password_login: no
|