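# Install /etc/pam.d/sshd. The file is managed only on RHEL 6 (as a link to
# system-auth) or when $pam_duo is true; otherwise this class leaves it alone.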

# If $pam_duo is set to true, use a pam stack that requires Duo for
# regular logins.
#
# Currently, only Debian is supported when $pam_duo is true.
#
# If you are using the SLURM job scheduler, setting $pam_slurm to true will
# cause user logins to be rejected unless they have a valid job allocation.

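class ssh::pam (
  $pam_afs   = true,
  $pam_duo   = false,
  $pam_slurm = false
){
  # $pam_afs and $pam_slurm are not referenced in this class body; presumably
  # the sshd.erb template reads them from class scope (confirm against the
  # template). If so, they only take effect on the $pam_duo/Debian path below,
  # and setting $pam_slurm without $pam_duo changes nothing here.

  if ($::lsbdistcodename == 'santiago') {
    # RHEL 6: sshd shares the system-auth stack. This branch is tested first,
    # so $pam_duo is never evaluated on RHEL 6. Surface that instead of
    # silently dropping the request; a warning (not fail) keeps existing
    # catalogs compiling.
    if ($pam_duo) {
      warning('ssh::pam: pam_duo is true but is ignored on RHEL 6; /etc/pam.d/sshd is linked to system-auth')
    }
    file { '/etc/pam.d/sshd':
      ensure => link,
      target => '/etc/pam.d/system-auth',
    }
  } elsif ($pam_duo) {
    if ($::osfamily =~ /Debian/) {
      # Pin ownership and mode explicitly: this file defines the sshd
      # authentication stack, so permission drift should be corrected on
      # every run rather than inherited from whatever is already on disk.
      file { '/etc/pam.d/sshd':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('base/ssh/etc/pam.d/sshd.erb'),
      }
    } else {
      # Refuse to compile rather than leave a host without the requested
      # Duo stack.
      fail("cannot call ssh::pam with pam_duo true under OS '${::osfamily}'")
    }
  }
  # When neither branch matches, /etc/pam.d/sshd is left unmanaged.
}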