Commit f3bdae3a authored by Adam Lewenberg's avatar Adam Lewenberg

address sudo when debuild is installed

parent c16f492c
......@@ -8,6 +8,9 @@
# $timeout: how long (in minutes) between requiring a new Duo re-auth.
# Default: 30
#
# $debuild: set this true if you need to set up a debuild environment.
# Default: false
#
# Example.
# To install sudo with no Duo support:
#
......@@ -35,6 +38,7 @@ class base::sudo(
$duo = false,
$duo_sudoers = [],
$timeout = 30,
$debuild = false,
){
package { 'sudo':
ensure => installed
......
......@@ -14,3 +14,10 @@ account include common-auth
password include common-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
<%- if (@debuild) then -%>
# Instead of including the stock common-session-noninteractive we
# use parts of it, overriding minimum_uid for pam_afs_session
# so that sudo will be able to get AFS tokens (helps with cowbuilder)
session optional pam_krb5.so minimum_uid=1000
session optional pam_afs_session.so minimum_uid=0
<%- end -%>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment