Add note about UsePAM

This commit is contained in:
Matt Willsher 2017-05-04 15:03:19 +01:00
parent b5a1b14ab1
commit fffdf9df08
3 changed files with 18 additions and 12 deletions

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
.vagrant
tests/roles/ansible-sshd
tests/test.retry

27
Vagrantfile vendored
View file

@ -4,25 +4,28 @@
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.synced_folder ".", "/vagrant", type: "nfs"
config.vm.define "ubuntu" do |ubuntu|
ubuntu.vm.box = "boxcutter/ubuntu1604"
# ubuntu.vm.provision "shell", inline: <<-SHELL
# sudo add-apt-repository -y ppa:ansible/ansible
# sudo apt-get update -qq
# sudo apt-get -qq install ansible
# SHELL
# ubuntu.vm.provision "shell", inline: <<-SHELL
# sudo add-apt-repository -y ppa:ansible/ansible
# sudo apt-get update -qq
# sudo apt-get -qq install ansible
# SHELL
end
# config.vm.define "centos7" do |centos|
# centos.vm.box = "boxcutter/centos72"
config.vm.define "centos7" do |centos|
centos.vm.box = "centos/7"
# centos.vm.provision "shell", inline: <<-SHELL
# sudo yum install -y libselinux-python
# SHELL
# end
centos.vm.provision "shell", inline: <<-SHELL
sudo yum install -y libselinux-python
SHELL
end
config.vm.provision "shell", inline: <<-SHELL
test -e /vagrant/tests/roles/ansible-sshd || ln -s /vagrant /vagrant/tests/roles/ansible-sshd
test -e /vagrant/tests/roles/ansible-sshd || ln -s /vagrant /vagrant/tests/roles/ansible-sshd
SHELL
config.vm.provision "ansible_local" do |ansible|

View file

@ -14,6 +14,8 @@ sshd_defaults:
ChallengeResponseAuthentication: no
GSSAPIAuthentication: yes
GSSAPICleanupCredentials: yes
# Note that UsePAM: no is not supported under RHEL/CentOS. See
# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
UsePAM: yes
X11Forwarding: yes
UsePrivilegeSeparation: sandbox