2 "account required pam_unix.so",
3 "account sufficient @@pam_krb5@@/lib/security/pam_krb5.so",
4 "auth [default=die success=done] @@pam_ccreds@@/lib/security/pam_ccreds.so action=validate use_first_pass",
5 "auth [default=ignore success=1 service_err=reset] @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass",
6 "auth required pam_deny.so",
7 "auth sufficient @@pam_ccreds@@/lib/security/pam_ccreds.so action=store use_first_pass",
8 "auth sufficient pam_rootok.so",
9 "auth sufficient pam_unix.so likeauth try_first_pass",
10 "password sufficient @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass",
11 "password sufficient pam_unix.so nullok yescrypt",
12 "session optional @@pam_krb5@@/lib/security/pam_krb5.so",
13 "session required pam_env.so conffile=/etc/pam/environment readenv=0",
14 "session required pam_unix.so",
16 actual_lines
= set(machine
.succeed("cat /etc/pam.d/chfn").splitlines())
18 stripped_lines
= set([line
.split("#")[0].rstrip() for line
in actual_lines
])
19 missing_lines
= expected_lines
- stripped_lines
20 extra_lines
= stripped_lines
- expected_lines
21 non_functional_lines
= set([line
for line
in extra_lines
if line
== ""])
22 unexpected_functional_lines
= extra_lines
- non_functional_lines
24 with
subtest("All expected lines are in the file"):
25 assert not missing_lines
, f
"Missing lines: {missing_lines}"
27 with
subtest("All remaining lines are empty or comments"):
28 assert not unexpected_functional_lines
, f
"Unexpected lines: {unexpected_functional_lines}"
