I’ve recently been working on upgrading the stock Ubuntu cloud image(*) to meet the requirements for PCI DSS compliance – and a hugely non-obvious issue I ran into went as follows:
# passwd newuser
passwd: Module is unknown
passwd: password unchanged
… which it turns out is due to Ubuntu referring to cracklib in their stock pam configuration, but then shipping a cloud image without this package installed.
Additionally, unless prefixed with LC_ALL=C, then invoking apt-get will throw out lots of locale warnings.
Therefore, to fix up the stock Ubuntu cloud image so that it actually works out of the box, then first commands to be issued on the running VM (or against the image mounted locally and chroot()d into) should be:
$ sudo apt-get update
$ sudo LC_ALL=C apt-get -qy install language-pack-en language-pack-en-base libpam-cracklib
(*) Bearing in mind that Canonical’s Ubuntu IP policy is garbage…
Like this:
Like Loading...
Related
Aug 18 2015
Setting user passwords on Ubuntu cloud instances
I’ve recently been working on upgrading the stock Ubuntu cloud image(*) to meet the requirements for PCI DSS compliance – and a hugely non-obvious issue I ran into went as follows:
… which it turns out is due to Ubuntu referring to cracklib in their stock pam configuration, but then shipping a cloud image without this package installed.
Additionally, unless prefixed with LC_ALL=C, then invoking apt-get will throw out lots of locale warnings.
Therefore, to fix up the stock Ubuntu cloud image so that it actually works out of the box, then first commands to be issued on the running VM (or against the image mounted locally and chroot()d into) should be:
$ sudo apt-get update
$ sudo LC_ALL=C apt-get -qy install language-pack-en language-pack-en-base libpam-cracklib
(*) Bearing in mind that Canonical’s Ubuntu IP policy is garbage…
Share this:
Like this:
Related
By Stuart • UNIX, Work 0