2

Is there a way to run pam-auth-update (or some equivalent command), non-interactively on Ubuntu 12.04. I'm trying to automate this process for a number of machines, and the curses interface is making it tedious (and prone to errors).

I'm interested particularly in the case where everything available needs to be activated, but more flexibility in selecting options would be great as well.

Andrew Walker
  • 121
  • 1
  • 4
  • 1
    Non-interactive use of PAM automation scripts is really asking for it in a production environment. Generally speaking, you should have standard configurations for your environments and use config management to push out the files. – Andrew B Jul 17 '13 at 06:36
  • @AndrewB - great point, is there a good way to capture all of the changes that pam-auth-update has made? Happy to accept that as the answer if you add it – Andrew Walker Jul 17 '13 at 20:33
  • I don't have any experience with that Ubuntu tool unfortunately. We tune our files by hand. There's no way we can rely on something like this when we have to use PAM modules that aren't provided by the OS vendor, such as `pam_securid` or `pam_tacacs`. – Andrew B Jul 17 '13 at 20:38

1 Answers1

4

You can change the environment variable $DEBIAN_FRONTEND to achieve this:

DEBIAN_FRONTEND=noninteractive pam-auth-update

But be careful, you need to work with debconf to do useful stuff and this can be quite difficult. See for example this bug on launchpad (especially comment #3).

tlo
  • 548
  • 2
  • 8
  • 24