Showing with 338 additions and 67 deletions.
  1. +36 −13 .travis.yml
  2. +7 −3 Gemfile
  3. +1 −1 Modulefile
  4. +2 −1 README.md
  5. +2 −1 Rakefile
  6. +64 −1 manifests/init.pp
  7. +9 −46 metadata.json
  8. +184 −1 spec/classes/init_spec.rb
  9. +18 −0 templates/login.el7.erb
  10. +15 −0 templates/sshd.el7.erb
49 changes: 36 additions & 13 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,39 @@
---
env:
- PUPPET_VERSION=3.3.2
- PUPPET_VERSION=3.4.2
- PUPPET_VERSION=3.5.1
- PUPPET_VERSION=3.6.0
notifications:
email: false
rvm:
- 1.8.7
- 1.9.3
- 2.0.0
language: ruby
before_script: 'gem install --no-ri --no-rdoc bundler'

rvm:
- 1.8.7
- 1.9.3
- 2.0.0
- 2.1.0

env:
matrix:
- PUPPET_GEM_VERSION="~> 3.1.0"
- PUPPET_GEM_VERSION="~> 3.2.0"
- PUPPET_GEM_VERSION="~> 3.3.0"
- PUPPET_GEM_VERSION="~> 3.4.0"
- PUPPET_GEM_VERSION="~> 3.5.1"
- PUPPET_GEM_VERSION="~> 3.6.0"
- PUPPET_GEM_VERSION="~> 3.7.0"

sudo: false

script: 'bundle exec rake validate && bundle exec rake lint && SPEC_OPTS="--format documentation" bundle exec rake spec'
gemfile: Gemfile

matrix:
fast_finish: true
exclude:
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.1.0"
- rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.1.0"
- rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.2.0"
- rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.3.0"
- rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.4.0"

notifications:
email: false
10 changes: 7 additions & 3 deletions Gemfile
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,11 @@
source 'https://rubygems.org'

puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
gem 'puppet', puppetversion
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end

gem 'puppetlabs_spec_helper', '>= 0.1.0'
gem 'puppet-lint', '>= 0.3.2'
gem 'puppet-lint', '>= 1.0.0'
gem 'facter', '>= 1.7.0'
2 changes: 1 addition & 1 deletion Modulefile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name 'ghoneycutt-pam'
version '2.9.0'
version '2.10.0'
source 'git://github.com/ghoneycutt/puppet-module-pam.git'
author 'ghoneycutt'
license 'Apache License, Version 2.0'
Expand Down
3 changes: 2 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,11 @@ This module manages PAM including accesslogin and limits.conf with functionality

# Compatibility

This module has been tested to work on the following systems using Puppet v3 with Ruby versions 1.8.7, 1.9.3, and 2.0.0.
This module has been tested to work on the following systems using Puppet v3 with Ruby versions 1.8.7, 1.9.3, 2.0.0 and 2.1.0.

* EL 5
* EL 6
* EL 7
* Solaris 9
* Solaris 10
* Solaris 11
Expand Down
3 changes: 2 additions & 1 deletion Rakefile
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.relative = true
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]

desc 'Run puppet in noop mode and check for syntax errors.'
desc 'Validate manifests, templates, and ruby files'
task :validate do
Dir['manifests/**/*.pp'].each do |manifest|
sh "puppet parser validate --noop #{manifest}"
Expand Down
65 changes: 64 additions & 1 deletion manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,8 +184,71 @@
'session required pam_unix.so']
}
}
'7': {
$default_pam_d_login_template = 'pam/login.el7.erb'
$default_pam_d_sshd_template = 'pam/sshd.el7.erb'
$default_package_name = 'pam'

if $ensure_vas == 'present' {
case $vas_major_version {
'4': {
$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth sufficient pam_vas3.so show_lockout_msg get_nonvas_pass',
'auth requisite pam_vas3.so echo_return',
'auth sufficient pam_unix.so nullok try_first_pass use_first_pass',
'auth requisite pam_succeed_if.so uid >= 1000 quiet_success',
'auth required pam_deny.so']
}
default: {
fail("Pam is only supported with vas_major_version 4 on EL7. Your vas_major_version is <${vas_major_version}>.")
}
}

$default_pam_account_lines = [ 'account sufficient pam_vas3.so',
'account requisite pam_vas3.so echo_return',
'account required pam_unix.so',
'account sufficient pam_localuser.so',
'account sufficient pam_succeed_if.so uid < 1000 quiet',
'account required pam_permit.so']

$default_pam_password_lines = [ 'password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=',
'password sufficient pam_vas3.so',
'password requisite pam_vas3.so echo_return',
'password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok',
'password required pam_deny.so']

$default_pam_session_lines = [ 'session optional pam_keyinit.so revoke',
'session required pam_limits.so',
'-session optional pam_systemd.so',
'session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid',
'session required pam_vas3.so show_lockout_msg',
'session requisite pam_vas3.so echo_return',
'session required pam_unix.so']
} else {
$default_pam_auth_lines = [ 'auth required pam_env.so',
'auth sufficient pam_fprintd.so',
'auth sufficient pam_unix.so nullok try_first_pass',
'auth requisite pam_succeed_if.so uid >= 1000 quiet_success',
'auth required pam_deny.so']

$default_pam_account_lines = [ 'account required pam_unix.so',
'account sufficient pam_localuser.so',
'account sufficient pam_succeed_if.so uid < 1000 quiet',
'account required pam_permit.so']

$default_pam_password_lines = [ 'password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=',
'password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok',
'password required pam_deny.so']

$default_pam_session_lines = [ 'session optional pam_keyinit.so revoke',
'session required pam_limits.so',
'-session optional pam_systemd.so',
'session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid',
'session required pam_unix.so']
}
}
default: {
fail("Pam is only supported on EL 5 and 6. Your lsbmajdistrelease is identified as <${::lsbmajdistrelease}>.")
fail("Pam is only supported on EL 5, 6 and 7. Your lsbmajdistrelease is identified as <${::lsbmajdistrelease}>.")
}
}
}
Expand Down
55 changes: 9 additions & 46 deletions metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "ghoneycutt-pam",
"version": "2.9.0",
"version": "2.10.0",
"author": "ghoneycutt",
"summary": "Manage PAM",
"license": "Apache License, Version 2.0",
Expand Down Expand Up @@ -28,28 +28,32 @@
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"5",
"6"
"6",
"7"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"5",
"6"
"6",
"7"
]
},
{
"operatingsystem": "OracleLinux",
"operatingsystemrelease": [
"5",
"6"
"6",
"7"
]
},
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
"5",
"6"
"6",
"7"
]
},
{
Expand Down Expand Up @@ -89,47 +93,6 @@
"types": [

],
"checksums": {
"CHANGELOG": "0a5a2276499688d1c10adebf4fd7a734",
"Gemfile": "f184c7cca73bc8169572ab8c48e223bc",
"Gemfile.lock": "873e125e8afe971046172cf5e775871d",
"LICENSE": "567e6cc3941d464d60c74d1f4abd5f46",
"Modulefile": "8571add95d03e21ddcb6e3f90db325db",
"README.md": "b5281f1168d191d70f48b89f33c77629",
"Rakefile": "1cb426d5b98cd8d27b9147563a78ab7c",
"files/limits.conf": "2486c66ab9728a793f068ed060c0df61",
"manifests/accesslogin.pp": "e5dd82ec627fa88a449cf1f46be5077e",
"manifests/init.pp": "f62340f9c308f4460852ef0f8f6f6111",
"manifests/limits/fragment.pp": "6486a3db8487e4817937a08bc3c18a53",
"manifests/limits.pp": "d064d44cdc109e34a3ca2801beba2276",
"manifests/service.pp": "9e97853aff8c57df48c8d01c30424d23",
"spec/classes/accesslogin_spec.rb": "326a485b8a7fad24ce75f0bcfb6f7236",
"spec/classes/init_spec.rb": "7706de29bccb805fba7c15c2c70c1554",
"spec/classes/limits_spec.rb": "0d54b340344855cf7e998b6805e17c54",
"spec/defines/limits/fragment_spec.rb": "19aeaf03de246fa093bba518db62957e",
"spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc",
"templates/access.conf.erb": "6af5fdd9963aa92666df0b01cc937858",
"templates/common-account-pc.erb": "d154847942fffc7ffc32b0ff50ff167f",
"templates/common-auth-pc.erb": "978cdfa44f891a8ff0fb241821234ae4",
"templates/common-password-pc.erb": "0c27eb1892ec5c47ea45aeccb69e62e1",
"templates/common-session-pc.erb": "174e1593dc1233203f631a3b1314039b",
"templates/limits_fragment.erb": "77b74efcaabe248d37fdfdef44c039db",
"templates/login.el5.erb": "4620b35626e60972786c9918a0b8c785",
"templates/login.el6.erb": "29ff08f4ad171f7e8fec322adc5e6b7e",
"templates/login.suse10.erb": "2671d53ddd752b460824d85fb5fca117",
"templates/login.suse11.erb": "a0048dd6e06b22dfb67ef6a8b3993622",
"templates/login.suse9.erb": "bb25c062346aecacfd1f7d35489488ff",
"templates/login.ubuntu12.erb": "9132227aa9395a2eae0a3a06e976fff5",
"templates/pam.conf.erb": "69dd0a7e44d4edd6bd473748522144f1",
"templates/sshd.el5.erb": "f05cbf5af26c88985db2903fd5783980",
"templates/sshd.el6.erb": "875e7b232894cf1b8376e60a9942252a",
"templates/sshd.suse10.erb": "02c48dd13be8a686bfa8e9edce4781c7",
"templates/sshd.suse11.erb": "cf067eb979b671aa3831a4fcf5ccd286",
"templates/sshd.suse9.erb": "2f1b94f03d8e73acf9458e3b90ade3f3",
"templates/sshd.ubuntu12.erb": "6553874362b469944fbf1bc9f6845195",
"templates/system-auth-ac.erb": "69dd0a7e44d4edd6bd473748522144f1",
"tests/init.pp": "1b580110b1308350f9b09e1bbca0551e"
},
"dependencies": [
{"name":"ghoneycutt/common","version_requirement":">= 1.0.2"},
{"name":"ghoneycutt/nsswitch","version_requirement":">= 1.1.0"},
Expand Down
Loading