e44efd0fe7
This commit fixes some RST-related errors, spelling/typos, and updates some variable values which are incorrect. Change-Id: Ibc78dffc6246f8df2c0d5d42ca2d831c4c335720
767 B
767 B
Ubuntu 14.04 allows accounts with null passwords to authenticate via PAM by default. This STIG requires that those login attempts are blocked.
In Ubuntu, this functionality is controlled by the
nullok_secure parameter found in
/etc/pam.d/common-auth. The Ansible task for this STIG will
remove the nullok_secure from the PAM configuration file.
The effects of the change are immediate and no service restarts are
required.
However, deployers can opt-out of this change by adjusting an Ansible variable:
pam_remove_nullok: noSetting the variable to yes (the default) will cause the
Ansible tasks to remove the nullok_secure parameter while
setting the variable to no will leave the PAM configuration
unchanged.