I’ve recently been working on upgrading the stock Ubuntu cloud image(*) to meet the requirements for PCI DSS compliance – and a hugely non-obvious issue I ran into went as follows:
# passwd newuser passwd: Module is unknown passwd: password unchanged
… which it turns out is due to Ubuntu referring to cracklib in their stock pam configuration, but then shipping a cloud image without this package installed.
Additionally, unless prefixed with LC_ALL=C, then invoking apt-get will throw out lots of locale warnings.
Therefore, to fix up the stock Ubuntu cloud image so that it actually works out of the box, then first commands to be issued on the running VM (or against the image mounted locally and chroot()d into) should be:
$ sudo apt-get update
$ sudo LC_ALL=C apt-get -qy install language-pack-en language-pack-en-base libpam-cracklib
(*) Bearing in mind that Canonical’s Ubuntu IP policy is garbage…