fa2800419e
This patch migrates all of the remaining non-unique variable names in the security role to a pattern that begins with `security_*`. This will reduce potential variable collisions with other roles. This is a breaking change for deployers and users who are moving from the liberty or stable/mitaka branches to master. Release notes are included with additional details to help with the transition. Closes-Bug: 1578326 Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
776 B
776 B
Ubuntu 14.04 allows accounts with null passwords to authenticate via PAM by default. This STIG requires that those login attempts are blocked.
In Ubuntu, this functionality is controlled by the
nullok_secure parameter found in
/etc/pam.d/common-auth. The Ansible task for this STIG will
remove the nullok_secure from the PAM configuration file.
The effects of the change are immediate and no service restarts are
required.
However, deployers can opt-out of this change by adjusting an Ansible variable:
security_pam_remove_nullok: noSetting the variable to yes (the default) will cause the
Ansible tasks to remove the nullok_secure parameter while
setting the variable to no will leave the PAM configuration
unchanged.