.fixtures.yml

@@ -1,6 +1,8 @@
 fixtures:
   repositories:
-    "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git"
+    "stdlib":
+      repo: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
+      ref: "3.2.0"
     "nsswitch": "git://github.com/ghoneycutt/puppet-module-nsswitch.git"
   symlinks:
     "pam": "#{source_dir}"

.gitignore

@@ -28,3 +28,4 @@ doc/
 metadata.json
 coverage/
 spec/fixtures/modules/*
+Gemfile.lock

.travis.yml

@@ -1,7 +1,7 @@
 ---
 env:
 - PUPPET_VERSION=2.7.23
-- PUPPET_VERSION=3.2.4
+- PUPPET_VERSION=3.3.1
 notifications:
 email: false
 rvm:

Modulefile

@@ -1,5 +1,5 @@
 name    'ghoneycutt-pam'
-version '2.1.0'
+version '2.2.0'
 source 'git://github.com/ghoneycutt/puppet-module-pam.git'
 author 'ghoneycutt'
 license 'Apache License, Version 2.0'
@@ -8,3 +8,4 @@ description 'Manages PAM, including specifying users and groups in access.conf,
 project_page 'https://github.com/ghoneycutt/puppet-module-pam'
 
 dependency 'ghoneycutt/nsswitch', '>= 0.0.1'
+dependency 'puppetlabs/stdlib',   '3.2.x'

README.md

@@ -15,6 +15,11 @@ This module has been tested to work on the following systems using Puppet v3 and
  * EL 5
  * EL 6
  * Solaris 10
+ * Solaris 11
+ * Suse 9
+ * Suse 10
+ * Suse 11
+ * Ubuntu 12.04 LTS
 
 ===
 
@@ -29,6 +34,12 @@ Array of users allowed to log in.
 
 - *Default*: root
 
+limits_fragments
+----------------
+Hash of fragments to pass to pam::limits::fragments
+
+- *Default*: undef
+
 package_name
 ------------
 Array of packages providing the pam functionality. If undef, parameter is set based on the OS version.
@@ -108,38 +119,98 @@ Content template of $pam_d_sshd_path. If undef, parameter is set based on the OS
 - *Default*: undef, default is set based on OS version
 
 pam_auth_lines
--------------------------
+--------------
 Content for PAM auth. If undef, parameter is set based on the OS version.
 
 - *Default*: undef, default is set based on OS version
 
 pam_account_lines
-----------------------------
+-----------------
 Content for PAM account. If undef, parameter is set based on the OS version.
 
 - *Default*: undef, default is set based on OS version
 
 pam_password_lines
------------------------------
+------------------
 Content for PAM password. If undef, parameter is set based on the OS version.
 
 - *Default*: undef, default is set based on OS version
 
 pam_session_lines
-----------------------------
+-----------------
 Content for PAM session. If undef, parameter is set based on the OS version.
 
 - *Default*: undef, default is set based on OS version
 
+pam_d_other_file
+----------------
+Path to other. Used on Suse.
+
+- *Default*: '/etc/pam.d/other'
+
+common_auth_file
+----------------
+Path to common-auth. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-auth'
+
+common_auth_pc_file
+-------------------
+Path to common-auth-pc. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-auth-pc'
+
+common_account_file
+-------------------
+Path to common-account. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-account'
+
+common_account_pc_file
+----------------------
+Path to common-account-pc. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-account-pc'
+
+common_password_file
+--------------------
+Path to common-password. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-password'
+
+common_password_pc_file
+-----------------------
+Path to common-password-pc. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-password-pc'
+
+common_session_file
+-------------------
+Path to common-session. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-session'
+
+common_session_pc_file
+----------------------
+Path to common-session-pc. Used on Suse.
+
+- *Default*: '/etc/pam.d/common-session-pc'
+
+common_session_noninteractive_file
+----------------------------------
+Path to common-session-noninteractive, which is the same as common-session-pc used on Suse. Used on Ubuntu 12.04 LTS.
+
+- *Default*: '/etc/pam.d/common-session-noninteractive'
+
 system_auth_file
 ----------------
-Path to system-auth.
+Path to system-auth. Used on RedHat.
 
 - *Default*: '/etc/pam.d/system-auth'
 
 system_auth_ac_file
 -------------------
-Path to system-auth-ac
+Path to system-auth-ac. Used on RedHat.
 
 - *Default*: '/etc/pam.d/system-auth-ac'
 
@@ -230,9 +301,69 @@ Path to limits.d directory
 Places a fragment in $limits_d_dir directory
 
 ## Parameters for `pam::limits::fragment`
+Source or list **must** be set.
 
 source
 ------
 String - Path to the fragment file, such as 'puppet:///modules/pam/limits.nproc'
 
-- *Required*
+- *Default*: 'UNSET'
+
+list
+----
+Array of lines to add to the fragment file
+
+===
+
+# pam::service
+Manage PAM file for specific service
+
+## Usage
+you can specify a hash for to manage the services in Hiera
+<pre>
+pam::services:
+  "sudo":
+    content : "auth     required       pam_unix2.so"
+</pre>
+
+## Paramteters for `pam::service`
+
+pam_config_dir
+--------------
+Path to PAM files
+
+- *Default*: '/etc/pam.d/'
+
+content
+-------
+Content of the PAM file for the service
+
+===
+
+# Hiera example for limits_fragments
+<pre>
+pam::limits_fragments:
+  custom:
+    list:
+      - '* soft nofile 2048'
+      - '* hard nofile 8192'
+      - '* soft as 3145728'
+      - '* hard as 4194304'
+      - '* hard maxlogins 300'
+      - '* soft cpu 720'
+      - '* hard cpu 1440'
+</pre>
+
+This would create /etc/security/limits.d/custom.conf with content
+<pre>
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+* soft nofile 2048
+* hard nofile 8192
+* soft as 3145728
+* hard as 4194304
+* hard maxlogins 300
+* soft cpu 720
+* hard cpu 1440
+</pre>
+