Modifying the PAM Configuration on HDInsight Standard

As mentioned in a previous blog post on HDInsight standard, Microsoft modify the PAM configuration (at least this is the case on HDInsight 3.5) such that when you create a user and try to set the password you are asked to set the password twice.

The gist below can be used to reset the PAM configuration. In the code below the various PAM configuration files have been gzipped and base64 encoded.

This technique of using gzip compressed and base64 encoded files is very useful when running script actions on HDInsight or even configuring VMs via custom script actions on Linux.

The code creates files:

  • common-account
  • common-auth
  • common-password
  • common-session
  • common-session-noninteractive


These should replace the ones in /etc/pam.d/

Comments