Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
B
base
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Lonlone Lee
base
Commits
85a59b42
Verified
Commit
85a59b42
authored
Oct 24, 2017
by
Adam Lewenberg
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
changes to allow absence of base::pam
parent
42b42808
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
84 additions
and
57 deletions
+84
-57
NEWS
NEWS
+5
-0
manifests/pam/debian.pp
manifests/pam/debian.pp
+40
-57
manifests/pam/debian/ldap.pp
manifests/pam/debian/ldap.pp
+39
-0
No files found.
NEWS
View file @
85a59b42
...
...
@@ -17,6 +17,11 @@ release/005.010 (2017-10-02)
off
-
campus
Instead
,
just
have
everything
go
through
smtp
.
stanford
.
edu
(
which
still
has
an
on
-
campus
presence
).
[
akkornel
]
[
pam
]
Add
"ensure"
parameter
to
base
::
pam
::
debian
to
allow
the
non
-
installation
of
some
Kerberos
-
related
PAM
packages
in
the
special
case
of
non
-
production
Kerberos
servers
not
synced
with
production
Kerberos
environment
.
[
adamhl
]
release
/
005.009
(
2017
-
07
-
07
)
[
ntp
]
Push
"tinker-panic 0"
to
the
top
of
the
ntp
.
conf
file
to
help
...
...
manifests/pam/debian.pp
View file @
85a59b42
...
...
@@ -2,64 +2,47 @@
# Sets up basic PAM configuration for Debian, separated out from the original
# kerberos configuration.
class
base::pam::debian
{
package
{
'libpam-krb5'
:
ensure
=>
present
}
package
{
'libpam-afs-session'
:
ensure
=>
present
}
# Starting with Debian jessie, pam-auth-update manages the common PAM files.
if
(
$::lsbmajdistrelease
<
8
)
{
file
{
'/etc/pam.d/common-auth'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/common-auth'
,
require
=>
[
Package
[
'libpam-afs-session'
],
Package
[
'libpam-krb5'
]
];
'/etc/pam.d/common-account'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/common-account'
,
require
=>
[
Package
[
'libpam-krb5'
]
];
'/etc/pam.d/common-session'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/common-session'
,
require
=>
[
Package
[
'libpam-afs-session'
],
Package
[
'libpam-krb5'
]
];
class
base::pam::debian
(
$ensure
=
'present'
,
){
if
(
$ensure
==
'present'
)
{
package
{
'libpam-krb5'
:
ensure
=>
present
}
package
{
'libpam-afs-session'
:
ensure
=>
present
}
# Starting with Debian jessie, pam-auth-update manages the common PAM files.
if
(
$::lsbmajdistrelease
<
8
)
{
file
{
'/etc/pam.d/common-auth'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/common-auth'
,
require
=>
[
Package
[
'libpam-afs-session'
],
Package
[
'libpam-krb5'
]
];
'/etc/pam.d/common-account'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/common-account'
,
require
=>
[
Package
[
'libpam-krb5'
]
];
'/etc/pam.d/common-session'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/common-session'
,
require
=>
[
Package
[
'libpam-afs-session'
],
Package
[
'libpam-krb5'
]
];
}
}
}
elsif
(
$ensure
==
'absent'
)
{
package
{
'libpam-krb5'
:
ensure
=>
absent
}
package
{
'libpam-afs-session'
:
ensure
=>
absent
}
# Starting with Debian jessie, pam-auth-update manages the common PAM files.
if
(
$::lsbmajdistrelease
<
8
)
{
file
{
'/etc/pam.d/common-auth'
:
ensure
=>
absent
}
file
{
'/etc/pam.d/common-account'
:
ensure
=>
absent
}
file
{
'/etc/pam.d/common-session'
:
ensure
=>
absent
}
}
}
else
{
fail
(
"ensure parameter must be either 'present' or 'absent'"
)
}
}
# FIXME: move libpam-foreground and config (in pam.d/global/common-session)
# to the timeshare class, or something similar
class
base::pam::debian::ldap
inherits
base::pam::debian
{
package
{
'libpam-ldap'
:
ensure
=>
'present'
;
'libnss-ldap'
:
ensure
=>
'present'
;
'libpam-openafs-kaserver'
:
ensure
=>
'absent'
;
}
# A lot of this stuff is taken from s_timeshare, which is where it was
# originally implemented.
file
{
'/etc/ldap.conf'
:
source
=>
'puppet:///modules/base/pam/etc/ldap.conf'
;
'/etc/libnss-ldap.conf'
:
source
=>
'puppet:///modules/base/pam/etc/libnss-ldap.conf'
;
'/etc/nsswitch.conf'
:
source
=>
'puppet:///modules/base/pam/etc/nsswitch.conf'
;
'/etc/pam.d/common-password'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-password'
,
require
=>
[
Package
[
'libpam-krb5'
]
];
'/etc/pam_ldap.conf'
:
source
=>
'puppet:///modules/base/pam/etc/pam_ldap.conf'
;
}
File
[
'/etc/pam.d/common-account'
]
{
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-account'
}
File
[
'/etc/pam.d/common-auth'
]
{
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-auth'
}
File
[
'/etc/pam.d/common-session'
]
{
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-session'
}
}
manifests/pam/debian/ldap.pp
0 → 100644
View file @
85a59b42
# FIXME: move libpam-foreground and config (in pam.d/global/common-session)
# to the timeshare class, or something similar
class
base::pam::debian::ldap
inherits
base::pam::debian
{
package
{
'libpam-ldap'
:
ensure
=>
'present'
;
'libnss-ldap'
:
ensure
=>
'present'
;
'libpam-openafs-kaserver'
:
ensure
=>
'absent'
;
}
# A lot of this stuff is taken from s_timeshare, which is where it was
# originally implemented.
file
{
'/etc/ldap.conf'
:
source
=>
'puppet:///modules/base/pam/etc/ldap.conf'
;
'/etc/libnss-ldap.conf'
:
source
=>
'puppet:///modules/base/pam/etc/libnss-ldap.conf'
;
'/etc/nsswitch.conf'
:
source
=>
'puppet:///modules/base/pam/etc/nsswitch.conf'
;
'/etc/pam.d/common-password'
:
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-password'
,
require
=>
[
Package
[
'libpam-krb5'
]
];
'/etc/pam_ldap.conf'
:
source
=>
'puppet:///modules/base/pam/etc/pam_ldap.conf'
;
}
File
[
'/etc/pam.d/common-account'
]
{
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-account'
}
File
[
'/etc/pam.d/common-auth'
]
{
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-auth'
}
File
[
'/etc/pam.d/common-session'
]
{
source
=>
'puppet:///modules/base/pam/etc/pam.d/global/common-session'
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment