version release/005.012

parent a39e6384
release/005.012 (2018-10-09)
[ssh] Make sure that the pam duo ssh file in /etc/security can only
be read by root. [adamhl]
release/005.011 (2018-06-29)
[postfix] Add the parameter "enable_postfix_compat2" to the
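Review bot: the release/005.012 entry is tagged [ssh] and refers to "the pam duo ssh file", but the resource being changed sits in the define base::duo::config, whose header comment names both base::sudo and base::ssh as consumers. Consider tagging the entry [duo] and wording it to cover every Duo configuration file the define writes, so that sudo users of the define also learn that their file permissions change.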
......
# Set up a custom Duo configuration. Note that this class does not _enable_ Duo.
# Instead, this type downloads a common Duo integration, copies it, and then
# Instead, this type downloads a common Duo integration, copies it, and then
# customizes it according to the parameters you specify.
#
# Your client code is responsible for leveraging the configuration, such as by
# Your client code is responsible for leveraging the configuration, such as by
# using PAM.
#
# See base::sudo and base::ssh for services that leverage this class.
......@@ -16,15 +16,15 @@
# wallet_name: the name for the common Duo wallet object. Defaults to the
# fully-qualified domain name of the host.
#
# use_gecos: A boolean, defaults to false. When true, Duo will get the
# username from the GECOS field (known in Puppet as the comment field) in the
# system passwd file. When false, Duo will use the user's username. This is
# used when a user is logging in with an account where their username does not
# use_gecos: A boolean, defaults to false. When true, Duo will get the
# username from the GECOS field (known in Puppet as the comment field) in the
# system passwd file. When false, Duo will use the user's username. This is
# used when a user is logging in with an account where their username does not
# match their Duo username.
#
# fail_secure: A boolean, defaults to false. When false, a Duo timeout will
# cause the Duo authentication to pass, allowing the user to continue logging
# in. When true, a Duo timeout will cause the Duo authentication to fail,
# fail_secure: A boolean, defaults to false. When false, a Duo timeout will
# cause the Duo authentication to pass, allowing the user to continue logging
# in. When true, a Duo timeout will cause the Duo authentication to fail,
# blocking the user from logging in.
define base::duo::config (
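Review bot: the use_gecos and fail_secure comment lines in this hunk are repeated with no visible difference in wording, so the edit looks like whitespace cleanup only. Moving that cleanup into its own commit would keep the permission fix in the last hunk easy to audit and to backport on its own.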
......@@ -72,6 +72,9 @@ define base::duo::config (
ensure => present,
source => "/etc/security/pam_duo_${wallet_name}.conf",
replace => false,
mode => '0600',
owner => 'root',
group => 'root',
require => Base::Duo::Config::Common[$wallet_name],
}
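Review bot: the added mode, owner and group lines restrict only the copy, while the file named in source => "/etc/security/pam_duo_${wallet_name}.conf" carries the same Duo integration secrets and is managed elsewhere, by Base::Duo::Config::Common. Confirm that class also sets mode '0600' with owner and group root, otherwise the secret stays readable through the common file. Because replace => false is kept, a line in the header comment stating that permissions are still enforced on files that already exist, even though their content is not replaced, would help the next reader.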
......