Modulefile

@@ -1,5 +1,5 @@
 name    'ghoneycutt-pam'
-version '2.12.0'
+version '2.13.0'
 source 'git://github.com/ghoneycutt/puppet-module-pam.git'
 author 'ghoneycutt'
 license 'Apache-2.0'

README.md

@@ -82,6 +82,18 @@ This would create /etc/security/access.conf with the following content.
 + : username2 : tty1
 </pre>
 
+login_pam_access
+----------------
+Control module to be used for pam_access.so for login. Valid values are 'required', 'requisite', 'sufficient', 'optional' and 'absent'.
+
+- *Default*: 'required'
+
+sshd_pam_access
+---------------
+Control module to be used for pam_access.so for sshd. Valid values are 'required', 'requisite', 'sufficient', 'optional' and 'absent'.
+
+- *Default*: 'required'
+
 limits_fragments
 ----------------
 Hash of fragments to pass to pam::limits::fragments

manifests/init.pp

@@ -4,6 +4,8 @@
 #
 class pam (
   $allowed_users                       = 'root',
+  $login_pam_access                    = 'required',
+  $sshd_pam_access                     = 'required',
   $ensure_vas                          = 'absent',
   $package_name                        = undef,
   $pam_conf_file                       = '/etc/pam.conf',
@@ -755,6 +757,14 @@
     }
   }
 
+  $valid_pam_access_values = ['^required$', '^requisite$', '^sufficient$', '^optional$', '^absent$']
+
+  validate_re($login_pam_access, $valid_pam_access_values,
+    "pam::login_pam_access is <${login_pam_access}> and must be either 'required', 'requisite', 'sufficient', 'optional' or 'absent'.")
+
+  validate_re($sshd_pam_access, $valid_pam_access_values,
+    "pam::sshd_pam_access is <${sshd_pam_access}> and must be either 'required', 'requisite', 'sufficient', 'optional' or 'absent'.")
+
   if $package_name == undef {
     $my_package_name = $default_package_name
   } else {

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-pam",
-  "version": "2.12.0",
+  "version": "2.13.0",
   "author": "ghoneycutt",
   "summary": "Manage PAM",
   "license": "Apache-2.0",