diff --git a/Gemfile b/Gemfile
@@ -10,7 +10,7 @@ gem 'metadata-json-lint'
 gem 'puppetlabs_spec_helper', '>= 1.2.0'
 gem 'facter', '>= 1.7.0'
 gem 'rspec-puppet'
-gem 'puppet-lint', '>= 1.0', '< 3.0'
+gem 'puppet-lint', '~> 2.0'
 gem 'puppet-lint-absolute_classname-check'
 gem 'puppet-lint-alias-check'
 gem 'puppet-lint-empty_string-check'

diff --git a/README.md b/README.md
@@ -28,6 +28,7 @@ only), 1.9.3, 2.0.0, 2.1.0 and 2.3.1 (Puppet v4 only).
  * Ubuntu 12.04 LTS
  * Ubuntu 14.04 LTS
  * Ubuntu 16.04 LTS
+ * Debian 7
  * Debian 8
 
 EL no longer requires the `redhat-lsb` package.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -868,13 +868,13 @@
         }
         'Debian': {
           case $::lsbmajdistrelease {
-            '8': {
+            /(7|8)/: {
 
               if $ensure_vas == 'present' {
                 fail("Pam: vas is not supported on ${::osfamily} ${::lsbmajdistrelease}")
               }
-              $default_pam_d_login_template = 'pam/login.debian8.erb'
-              $default_pam_d_sshd_template  = 'pam/sshd.debian8.erb'
+              $default_pam_d_login_template = "pam/login.debian${::lsbmajdistrelease}.erb"
+              $default_pam_d_sshd_template  = "pam/sshd.debian${::lsbmajdistrelease}.erb"
               $default_package_name         = 'libpam0g'
 
 
@@ -902,11 +902,9 @@
                 'session required      pam_permit.so',
                 'session required      pam_unix.so',
               ]
-
-
             }
             default: {
-              fail("Pam is only supported on Debian 8. Your lsbmajdistrelease is <${::lsbmajdistrelease}>.")
+              fail("Pam is only supported on Debian 7 and 8. Your lsbmajdistrelease is <${::lsbmajdistrelease}>.")
             }
           }
         }

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-pam",
-  "version": "2.28.0",
+  "version": "2.29.0",
   "author": "ghoneycutt",
   "summary": "Manage PAM",
   "description": "Manages PAM, including specifying users and groups in access.conf, limits.conf, and limits fragments",
@@ -22,6 +22,7 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
+        "7",
         "8"
       ]
     },

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -162,36 +162,46 @@
             :types          => ['auth', 'account', 'password', 'session', 'noninteractive_session' ],
           }, ],
       },
+    'debian7'               =>
+      { :osfamily           => 'Debian',
+        :lsbdistid          => 'Debian',
+        :release            => '7',
+        :releasetype        => 'lsbmajdistrelease',
+        :packages           => [ 'libpam0g', ],
+        :files              => [
+          { :prefix         => 'pam_common_',
+            :types          => ['auth', 'account', 'password', 'session', 'noninteractive_session' ],
+          }, ],
+      },
     'debian8'               =>
-    { :osfamily             => 'Debian',
-      :lsbdistid            => 'Debian',
-      :release              => '8',
-      :releasetype          => 'lsbmajdistrelease',
-      :packages             => [ 'libpam0g', ],
-      :files                => [
-        { :prefix           => 'pam_common_',
-          :types            => ['auth', 'account', 'password', 'session', 'noninteractive_session' ],
-        }, ],
-    }
-
+      { :osfamily           => 'Debian',
+        :lsbdistid          => 'Debian',
+        :release            => '8',
+        :releasetype        => 'lsbmajdistrelease',
+        :packages           => [ 'libpam0g', ],
+        :files              => [
+          { :prefix         => 'pam_common_',
+            :types          => ['auth', 'account', 'password', 'session', 'noninteractive_session' ],
+          }, ],
+      }
   }
   unsupported_platforms = {
     'el4'                   =>
       { :osfamily           => 'RedHat',
         :release            => '4',
         :releasetype        => 'operatingsystemmajrelease',
       },
+    'debian6'               =>
+      { :osfamily           => 'Debian',
+        :release            => '6',
+        :lsbdistid          => 'Debian',
+        :releasetype        => 'lsbmajdistrelease',
+      },
     'suse8'                 =>
       { :osfamily           => 'Suse',
         :release            => '8',
         :releasetype        => 'lsbmajdistrelease',
       },
-    'debian7'               =>
-      { :osfamily           => 'Debian',
-        :release            => '7',
-        :lsbdistid          => 'Debian',
-        :releasetype        => 'lsbmajdistrelease',
-      },
     'ubuntu1004'            =>
       { :osfamily           => 'Debian',
         :release            => '10.04',
@@ -354,7 +364,7 @@
             next
           end
 
-          if check == 'vas' and v[:osfamily] == 'Debian' and v[:release] == '8'
+          if check == 'vas' and v[:osfamily] == 'Debian' and ['7', '8'].include?(v[:release])
             it 'should fail' do
               expect {
                 should contain_class('pam')

diff --git a/spec/fixtures/pam_common_account.defaults.debian7 b/spec/fixtures/pam_common_account.defaults.debian7
@@ -0,0 +1,5 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+account [success=1 new_authtok_reqd=done default=ignore]  pam_unix.so
+account requisite     pam_deny.so
+account required      pam_permit.so
diff --git a/spec/fixtures/pam_common_auth.defaults.debian7 b/spec/fixtures/pam_common_auth.defaults.debian7
@@ -0,0 +1,5 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+auth  [success=1 default=ignore]  pam_unix.so nullok_secure
+auth  requisite     pam_deny.so
+auth  required      pam_permit.so
diff --git a/spec/fixtures/pam_common_noninteractive_session.defaults.debian7 b/spec/fixtures/pam_common_noninteractive_session.defaults.debian7
@@ -0,0 +1,6 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+session [default=1]   pam_permit.so
+session requisite     pam_deny.so
+session required      pam_permit.so
+session required      pam_unix.so
diff --git a/spec/fixtures/pam_common_password.defaults.debian7 b/spec/fixtures/pam_common_password.defaults.debian7
@@ -0,0 +1,5 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+password  [success=1 default=ignore]  pam_unix.so obscure sha512
+password  requisite     pam_deny.so
+password  required      pam_permit.so
diff --git a/spec/fixtures/pam_common_session.defaults.debian7 b/spec/fixtures/pam_common_session.defaults.debian7
@@ -0,0 +1,6 @@
+# This file is being maintained by Puppet.
+# DO NOT EDIT
+session [default=1]   pam_permit.so
+session requisite     pam_deny.so
+session required      pam_permit.so
+session required      pam_unix.so
diff --git a/spec/fixtures/pam_d_login.defaults.debian7 b/spec/fixtures/pam_d_login.defaults.debian7
@@ -0,0 +1,17 @@
+auth     optional   pam_faildelay.so  delay=3000000
+auth     [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+auth     requisite  pam_nologin.so
+session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session  required   pam_env.so readenv=1
+session  required   pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-auth
+auth     optional   pam_group.so
+session  required   pam_limits.so
+session  optional   pam_lastlog.so
+session  optional   pam_motd.so  motd=/run/motd.dynamic
+session  optional   pam_motd.so
+session  optional   pam_mail.so standard
+@include common-account
+@include common-session
+@include common-password
+session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
diff --git a/spec/fixtures/pam_d_sshd.defaults.debian7 b/spec/fixtures/pam_d_sshd.defaults.debian7
@@ -0,0 +1,11 @@
+auth     required     pam_env.so # [1]
+auth     required     pam_env.so envfile=/etc/default/locale
+@include common-auth
+account  required     pam_nologin.so
+@include common-account
+@include common-session
+session  optional     pam_motd.so  motd=/run/motd.dynamic noupdate
+session  optional     pam_motd.so # [1]
+session  optional     pam_mail.so standard noenv # [1]
+session  required     pam_limits.so
+@include common-password
diff --git a/templates/login.debian7.erb b/templates/login.debian7.erb
@@ -0,0 +1,17 @@
+auth     optional   pam_faildelay.so  delay=3000000
+auth     [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+auth     requisite  pam_nologin.so
+session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session  required   pam_env.so readenv=1
+session  required   pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-auth
+auth     optional   pam_group.so
+session  required   pam_limits.so
+session  optional   pam_lastlog.so
+session  optional   pam_motd.so  motd=/run/motd.dynamic
+session  optional   pam_motd.so
+session  optional   pam_mail.so standard
+@include common-account
+@include common-session
+@include common-password
+session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
diff --git a/templates/sshd.debian7.erb b/templates/sshd.debian7.erb
@@ -0,0 +1,11 @@
+auth     required     pam_env.so # [1]
+auth     required     pam_env.so envfile=/etc/default/locale
+@include common-auth
+account  required     pam_nologin.so
+@include common-account
+@include common-session
+session  optional     pam_motd.so  motd=/run/motd.dynamic noupdate
+session  optional     pam_motd.so # [1]
+session  optional     pam_mail.so standard noenv # [1]
+session  required     pam_limits.so
+@include common-password