From 131a45c836dcc747c9c4dbd76d13ca662c4fead3 Mon Sep 17 00:00:00 2001
From: Will <iq20064@bristol.ac.uk>
Date: Tue, 15 Aug 2023 15:02:27 +0100
Subject: [PATCH] Trying passworded user with PAM

---
 image/Dockerfile           | 3 ++-
 image/docker-entrypoint.sh | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/image/Dockerfile b/image/Dockerfile
index eda87a1..d74c55d 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -46,6 +46,7 @@ RUN set -ex \
        openssh-server \
        apptainer \
        ondemand \
+       mod_authnz_pam
     && yum clean all \
     && rm -rf /var/cache/yum
 
@@ -93,7 +94,7 @@ RUN mkdir /etc/sysconfig/slurm \
     && useradd -r --uid=990 slurm \
     && chown -R slurm:slurm /var/*/slurm* \
     && useradd -u 1000 rocky \
-    && usermod -p '*' rocky # unlocks account but sets no password
+    && usermod -p 'openssl password' rocky
 
 VOLUME /etc/slurm
 COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
diff --git a/image/docker-entrypoint.sh b/image/docker-entrypoint.sh
index d2a5654..5f10eff 100755
--- a/image/docker-entrypoint.sh
+++ b/image/docker-entrypoint.sh
@@ -131,6 +131,10 @@ then
 
     /usr/libexec/httpd-ssl-gencerts
 
+    cp /etc/pam.d/sshd /etc/pam.d/ood
+    chmod 640 /etc/shadow
+    chgrp apache /etc/shadow
+
     mkdir --parents /opt/rh/httpd24/root/etc/httpd/
     /usr/bin/htpasswd -cb /opt/rh/httpd24/root/etc/httpd/apache-passwords rocky $ROCKY_OOD_PASS