Showing with 11 additions and 3 deletions.

+1 −1 metadata.json

+2 −2 spec/classes/init_spec.rb

+1 −0 spec/fixtures/pam_d_login.defaults.el7

+1 −0 spec/fixtures/pam_d_sshd.defaults.el7

+3 −0 templates/login.el7.erb

+3 −0 templates/sshd.el7.erb
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-pam",
-  "version": "2.29.0",
+  "version": "2.29.1",
   "author": "ghoneycutt",
   "summary": "Manage PAM",
   "description": "Manages PAM, including specifying users and groups in access.conf, limits.conf, and limits fragments",

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -484,7 +484,7 @@
         end
         let(:params) {{ :login_pam_access => 'sufficient' }}
 
-        if (v[:osfamily] == 'RedHat' and (v[:release] == '5' or v[:release] == '6')) or (v[:osfamily] == 'Suse' and v[:release] == '11')
+        if (v[:osfamily] == 'RedHat') or (v[:osfamily] == 'Suse' and v[:release] == '11')
           it { should contain_file('pam_d_login').with_content(/account[\s]+sufficient[\s]+pam_access.so/) }
         end
       end
@@ -511,7 +511,7 @@
         end
         let(:params) {{ :sshd_pam_access => 'sufficient' }}
 
-        if (v[:osfamily] == 'RedHat' and (v[:release] == '5' or v[:release] == '6')) or (v[:osfamily] == 'Suse' and v[:release] == '11')
+        if (v[:osfamily] == 'RedHat') or (v[:osfamily] == 'Suse' and v[:release] == '11')
           it { should contain_file('pam_d_sshd').with_content(/^account[\s]+sufficient[\s]+pam_access.so$/) }
         end
       end

diff --git a/spec/fixtures/pam_d_login.defaults.el7 b/spec/fixtures/pam_d_login.defaults.el7
@@ -4,6 +4,7 @@ auth       substack     system-auth
 auth       include      postlogin
 account    required     pam_nologin.so
 account    include      system-auth
+account    required     pam_access.so
 password   include      system-auth
 # pam_selinux.so close should be the first session rule
 session    required     pam_selinux.so close

diff --git a/spec/fixtures/pam_d_sshd.defaults.el7 b/spec/fixtures/pam_d_sshd.defaults.el7
@@ -2,6 +2,7 @@
 auth       required     pam_sepermit.so
 auth       substack     password-auth
 auth       include      postlogin
+account    required     pam_access.so
 account    required     pam_nologin.so
 account    include      password-auth
 password   include      password-auth

diff --git a/templates/login.el7.erb b/templates/login.el7.erb
@@ -4,6 +4,9 @@ auth       substack     system-auth
 auth       include      postlogin
 account    required     pam_nologin.so
 account    include      system-auth
+<% if @login_pam_access != 'absent' -%>
+account    <%= @login_pam_access %>     pam_access.so
+<% end -%>
 password   include      system-auth
 # pam_selinux.so close should be the first session rule
 session    required     pam_selinux.so close

diff --git a/templates/sshd.el7.erb b/templates/sshd.el7.erb
@@ -2,6 +2,9 @@
 auth       required     pam_sepermit.so
 auth       substack     password-auth
 auth       include      postlogin
+<% if @sshd_pam_access != 'absent' -%>
+account    <%= @sshd_pam_access %>     pam_access.so
+<% end -%>
 account    required     pam_nologin.so
 account    include      password-auth
 password   include      password-auth