2 changes: 1 addition & 1 deletion Modulefile
@@ -1,5 +1,5 @@
name 'ghoneycutt-pam'
version '2.3.0'
version '2.4.0'
source 'git://github.com/ghoneycutt/puppet-module-pam.git'
author 'ghoneycutt'
license 'Apache License, Version 2.0'
104 changes: 74 additions & 30 deletions manifests/init.pp
@@ -196,52 +196,96 @@
$default_pam_d_sshd_template = 'pam/sshd.suse9.erb'
$default_package_name = [ 'pam', 'pam-modules' ]

$default_pam_auth_lines = [ 'auth required pam_warn.so',
'auth required pam_unix2.so #nullok set_setrpc']
$default_pam_auth_lines = [ 'auth required pam_warn.so',
'auth required pam_unix2.so']

$default_pam_account_lines = [ 'account required pam_warn.so',
'account required pam_unix2.so']
$default_pam_account_lines = [ 'account required pam_warn.so',
'account required pam_unix2.so']

$default_pam_password_lines = [ 'password required pam_warn.so',
'password required pam_pwcheck.so use_cracklib']
$default_pam_password_lines = [ 'password required pam_warn.so',
'password required pam_pwcheck.so use_cracklib']

$default_pam_session_lines = [ 'session required pam_warn.so',
'session required pam_unix2.so debug # none or trace']
$default_pam_session_lines = [ 'session required pam_warn.so',
'session required pam_unix2.so debug']
}

'10': {
$default_pam_d_login_template = 'pam/login.suse10.erb'
$default_pam_d_sshd_template = 'pam/sshd.suse10.erb'
$default_package_name = 'pam'

$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth required pam_unix2.so']
if $ensure_vas == 'present' {
$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth sufficient pam_vas3.so show_lockout_msg get_nonvas_pass store_creds',
'auth requisite pam_vas3.so echo_return',
'auth required pam_unix2.so use_first_pass']

$default_pam_account_lines = [ 'account sufficient pam_vas3.so',
'account requisite pam_vas3.so echo_return',
'account required pam_unix2.so']

$default_pam_password_lines = [ 'password sufficient pam_vas3.so',
'password requisite pam_vas3.so echo_return',
'password requisite pam_pwcheck.so nullok',
'password required pam_unix2.so use_authtok nullok']

$default_pam_account_lines = [ 'account required pam_unix2.so']
$default_pam_session_lines = [ 'session required pam_limits.so',
'session required pam_vas3.so',
'session requisite pam_vas3.so echo_return',
'session required pam_unix2.so']
} else {

$default_pam_password_lines = [ 'password required pam_pwcheck.so nullok',
'password required pam_unix2.so nullok use_authtok']
$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth required pam_unix2.so']

$default_pam_session_lines = [ 'session required pam_limits.so',
'session required pam_unix2.so']
$default_pam_account_lines = [ 'account required pam_unix2.so']

$default_pam_password_lines = [ 'password required pam_pwcheck.so nullok',
'password required pam_unix2.so nullok use_authtok']

$default_pam_session_lines = [ 'session required pam_limits.so',
'session required pam_unix2.so']
}
}

'11': {
$default_pam_d_login_template = 'pam/login.suse11.erb'
$default_pam_d_sshd_template = 'pam/sshd.suse11.erb'
$default_package_name = 'pam'

$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth required pam_unix2.so']

$default_pam_account_lines = [ 'account required pam_unix2.so']

$default_pam_password_lines = [ 'password required pam_pwcheck.so nullok cracklib',
'password required pam_unix2.so nullok use_authtok']

$default_pam_session_lines = [ 'session required pam_limits.so',
'session required pam_unix2.so',
'session optional pam_umask.so']
if $ensure_vas == 'present' {
$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth sufficient pam_vas3.so create_homedir get_nonvas_pass',
'auth requisite pam_vas3.so echo_return',
'auth required pam_unix2.so use_first_pass']

$default_pam_account_lines = [ 'account sufficient pam_vas3.so',
'account requisite pam_vas3.so echo_return',
'account required pam_unix2.so']

$default_pam_password_lines = [ 'password sufficient pam_vas3.so',
'password requisite pam_vas3.so echo_return',
'password requisite pam_pwcheck.so nullok cracklib',
'password required pam_unix2.so use_authtok nullok']

$default_pam_session_lines = [ 'session required pam_limits.so',
'session required pam_vas3.so create_homedir',
'session requisite pam_vas3.so echo_return',
'session required pam_unix2.so',
'session optional pam_umask.so']
} else {
$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth required pam_unix2.so']

$default_pam_account_lines = [ 'account required pam_unix2.so']

$default_pam_password_lines = [ 'password required pam_pwcheck.so nullok cracklib',
'password required pam_unix2.so nullok use_authtok']

$default_pam_session_lines = [ 'session required pam_limits.so',
'session required pam_unix2.so',
'session optional pam_umask.so']
}
}
default: {
fail("Pam is only supported on Suse 10 and 11. Your lsbmajdistrelease is identified as <${::lsbmajdistrelease}>.")
@@ -317,7 +361,7 @@
'Solaris': {
case $::kernelrelease {
'5.10': {
$default_pam_auth_lines = ['login auth requisite pam_authtok_get.so.1',
$default_pam_auth_lines = [ 'login auth requisite pam_authtok_get.so.1',
'login auth required pam_dhkeys.so.1',
'login auth required pam_unix_cred.so.1',
'login auth required pam_unix_auth.so.1',
@@ -331,7 +375,7 @@
$default_pam_account_lines = ['other account requisite pam_roles.so.1',
'other account required pam_unix_account.so.1']

$default_pam_password_lines = ['other password required pam_dhkeys.so.1',
$default_pam_password_lines = [ 'other password required pam_dhkeys.so.1',
'other password requisite pam_authtok_get.so.1',
'other password requisite pam_authtok_check.so.1',
'other password required pam_authtok_store.so.1']
@@ -340,7 +384,7 @@
}

'5.11': {
$default_pam_auth_lines = ['auth definitive pam_user_policy.so.1',
$default_pam_auth_lines = [ 'auth definitive pam_user_policy.so.1',
'auth requisite pam_authtok_get.so.1',
'auth required pam_dhkeys.so.1',
'auth required pam_unix_auth.so.1',
@@ -351,7 +395,7 @@
'account required pam_unix_account.so.1',
'account required pam_tsol_account.so.1']

$default_pam_password_lines = ['password definitive pam_user_policy.so.1',
$default_pam_password_lines = [ 'password definitive pam_user_policy.so.1',
'password include pam_authtok_common',
'password required pam_authtok_store.so.1']

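Review bot: The `$ensure_vas == 'present'` branches for Suse 10 and 11 give pam_vas3 different options with nothing saying the difference is intended: the Suse 10 auth line carries `show_lockout_msg get_nonvas_pass store_creds`, the Suse 11 one carries `create_homedir get_nonvas_pass`, and only the Suse 11 session line has `create_homedir`. Since these arrays become the system login stack, a comment above each branch such as `# pam_vas3 options differ from the other Suse release on purpose: <reason>` would let a reviewer tell a deliberate choice from a copy error. The branches also test only for the value 'present', so any other `$ensure_vas` value silently selects the non-VAS stack; whether the parameter is validated elsewhere is not visible in this section. Both VAS password stacks keep `nullok` on pam_pwcheck.so and pam_unix2.so, which deserves a one-line justification next to those entries. Which lines are additions is inferred here, because the page no longer shows the +/- markers.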
6 changes: 3 additions & 3 deletions spec/classes/accesslogin_spec.rb
@@ -9,7 +9,7 @@
}
end
it do
should include_class('pam')
should contain_class('pam')
should contain_file('access_conf').with({
'ensure' => 'file',
'path' => '/etc/security/access.conf',
@@ -42,7 +42,7 @@
'class {"pam": allowed_users => ["foo","bar"] }'
end
it do
should include_class('pam')
should contain_class('pam')
should contain_file('access_conf').with({
'ensure' => 'file',
'path' => '/etc/security/access.conf',
@@ -83,7 +83,7 @@
end

it do
should include_class('pam')
should contain_class('pam')
should contain_file('access_conf').with({
'ensure' => 'file',
'path' => '/custom/security/access.conf',