Add note about UsePAM

This commit is contained in:
Matt Willsher 2017-05-04 15:03:19 +01:00
parent b5a1b14ab1
commit fffdf9df08
3 changed files with 18 additions and 12 deletions

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
.vagrant .vagrant
tests/roles/ansible-sshd tests/roles/ansible-sshd
tests/test.retry

25
Vagrantfile vendored
View file

@ -4,22 +4,25 @@
VAGRANTFILE_API_VERSION = "2" VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.synced_folder ".", "/vagrant", type: "nfs"
config.vm.define "ubuntu" do |ubuntu| config.vm.define "ubuntu" do |ubuntu|
ubuntu.vm.box = "boxcutter/ubuntu1604" ubuntu.vm.box = "boxcutter/ubuntu1604"
# ubuntu.vm.provision "shell", inline: <<-SHELL # ubuntu.vm.provision "shell", inline: <<-SHELL
# sudo add-apt-repository -y ppa:ansible/ansible # sudo add-apt-repository -y ppa:ansible/ansible
# sudo apt-get update -qq # sudo apt-get update -qq
# sudo apt-get -qq install ansible # sudo apt-get -qq install ansible
# SHELL # SHELL
end end
# config.vm.define "centos7" do |centos| config.vm.define "centos7" do |centos|
# centos.vm.box = "boxcutter/centos72" centos.vm.box = "centos/7"
# centos.vm.provision "shell", inline: <<-SHELL centos.vm.provision "shell", inline: <<-SHELL
# sudo yum install -y libselinux-python sudo yum install -y libselinux-python
# SHELL SHELL
# end end
config.vm.provision "shell", inline: <<-SHELL config.vm.provision "shell", inline: <<-SHELL
test -e /vagrant/tests/roles/ansible-sshd || ln -s /vagrant /vagrant/tests/roles/ansible-sshd test -e /vagrant/tests/roles/ansible-sshd || ln -s /vagrant /vagrant/tests/roles/ansible-sshd

View file

@ -14,6 +14,8 @@ sshd_defaults:
ChallengeResponseAuthentication: no ChallengeResponseAuthentication: no
GSSAPIAuthentication: yes GSSAPIAuthentication: yes
GSSAPICleanupCredentials: yes GSSAPICleanupCredentials: yes
# Note that UsePAM: no is not supported under RHEL/CentOS. See
# https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218
UsePAM: yes UsePAM: yes
X11Forwarding: yes X11Forwarding: yes
UsePrivilegeSeparation: sandbox UsePrivilegeSeparation: sandbox