diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
index 413d4852a65..680b08a7818 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
@@ -1,26 +1,49 @@ -setup_accounts() { - # Setup sudo to allow no-password sudo for "admin" - groupadd -r admin - # Create a 'cloud' user if it's not there - id cloud - if [[ $? -ne 0 ]] - then - useradd -G admin cloud - else - usermod -a -G admin cloud - fi - echo "root:$ROOTPW" | chpasswd - echo "cloud:`openssl rand -base64 32`" | chpasswd - sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers - sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount/g' /etc/sudoers - # Disable password based authentication via ssh, this will take effect on next reboot - sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config - # Secure ~/.ssh - mkdir -p /home/cloud/.ssh - chmod 700 /home/cloud/.ssh +#!/bin/bash + +set -e +set -x + +function add_admin_group() { + groupadd -f -r admin } -fix_inittab() { +function configure_cloud_user() { + usermod -a -G admin cloud + mkdir -p /home/cloud/.ssh + chmod 700 /home/cloud/.ssh + echo "cloud:`openssl rand -base64 32`" | chpasswd +} + +function configure_sudoers() { + cat >/etc/sudoers < /etc/sudoers.d/cloud +} + +# sshd_config is overwritten from cloud_scripts +#function configure_sshd() { +# grep "UseDNS no" /etc/ssh/sshd_config && \ +# grep "PasswordAuthentication no" /etc/ssh/sshd_config && \ +# return +# # Tweak sshd to prevent DNS resolution (speed up logins) +# echo 'UseDNS no' >> /etc/ssh/sshd_config +# +# # Require ssh keys for login +# sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config +#} + +function configure_inittab() { + grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return + # Fix inittab cat >> /etc/inittab << EOF 
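Review bot: With `set -x` now enabled at the top of the file, the `chpasswd` line in `configure_cloud_user` prints the expanded output of `openssl rand -base64 32` in the shell trace, so the generated password for `cloud` lands in whatever log captures the build. Bracketing that one line with `set +x` before and `set -x` after keeps the secret out of the trace without losing tracing for the rest of the script. Separately, `usermod -a -G admin cloud` now assumes the `cloud` account already exists, whereas the removed code created it when `id cloud` failed. Under `set -e` a missing user aborts the run; presumably the account is created earlier in the build, which deserves a comment such as `# cloud user is expected to exist already (created by the installer)`.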
@@ -28,5 +51,12 @@ vc:2345:respawn:/sbin/getty 38400 hvc0 EOF } -setup_accounts -fix_inittab +function configure_login() { + add_admin_group + configure_cloud_user + configure_sudoers + # configure_sshd + configure_inittab +} + +return 2>/dev/null || configure_login
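Review bot: `configure_login` leaves `configure_sshd` commented out, so this script no longer enforces `PasswordAuthentication no` as the removed `setup_accounts` did. That setting now rests entirely on the sshd_config installed from cloud_scripts, which is not part of this diff. A comment at the call site naming the file that carries the setting, or a build-time check such as `grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config` once that file is in place, would stop the hardening from being lost silently. The final line also deserves a comment, e.g. `# run configure_login only when executed, not when sourced`. Note that when the file is sourced, the top-level `set -e` and `set -x` still take effect in the sourcing shell.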