Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
B
base
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Lonlone Lee
base
Commits
91d5cf85
Verified
Commit
91d5cf85
authored
Oct 09, 2018
by
Adam Lewenberg
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
version release/005.012
parent
a39e6384
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
17 additions
and
9 deletions
+17
-9
NEWS
NEWS
+5
-0
manifests/duo/config.pp
manifests/duo/config.pp
+12
-9
No files found.
NEWS
View file @
91d5cf85
release
/
005.012
(
2018
-
10
-
09
)
[
ssh
]
Make
sure
that
the
pam
duo
ssh
file
in
/
etc
/
security
can
only
be
read
by
root
.
[
adamhl
]
release
/
005.011
(
2018
-
06
-
29
)
[
postfix
]
Add
the
parameter
"enable_postfix_compat2"
to
the
...
...
manifests/duo/config.pp
View file @
91d5cf85
# Set up a custom Duo configuration. Note that this class does not _enable_ Duo.
# Instead, this type downloads a common Duo integration, copies it, and then
# Instead, this type downloads a common Duo integration, copies it, and then
# customizes it according to the parameters you specify.
#
# Your client code is responsible for leveraging the configuration, such as by
# Your client code is responsible for leveraging the configuration, such as by
# using PAM.
#
# See base::sudo and base::ssh for services that leverage this class.
...
...
@@ -16,15 +16,15 @@
# wallet_name: the name for the common Duo wallet object. Defaults to the
# fully-qualified domain name of the host.
#
# use_gecos: A boolean, defaults to false. When true, Duo will get the
# username from the GECOS field (known in Puppet as the comment field) in the
# system passwd file. When false, Duo will use the user's username. This is
# used when a user is logging in with an account where their username does not
# use_gecos: A boolean, defaults to false. When true, Duo will get the
# username from the GECOS field (known in Puppet as the comment field) in the
# system passwd file. When false, Duo will use the user's username. This is
# used when a user is logging in with an account where their username does not
# match their Duo username.
#
# fail_secure: A boolean, defaults to false. When false, a Duo timeout will
# cause the Duo authentication to pass, allowing the user to continue logging
# in. When true, a Duo timeout will cause the Duo authentication to fail,
# fail_secure: A boolean, defaults to false. When false, a Duo timeout will
# cause the Duo authentication to pass, allowing the user to continue logging
# in. When true, a Duo timeout will cause the Duo authentication to fail,
# blocking the user from logging in.
define
base::duo::config
(
...
...
@@ -72,6 +72,9 @@ define base::duo::config (
ensure
=>
present
,
source
=>
"/etc/security/pam_duo_
${wallet_name}
.conf"
,
replace
=>
false
,
mode
=>
'0600'
,
owner
=>
'root'
,
group
=>
'root'
,
require
=>
Base
::
Duo
::
Config
::
Common
[
$wallet_name
],
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment