Skip to content

GitLab

Commit f3bdae3a authored by Adam Lewenberg's avatar Adam Lewenberg
Browse files

address sudo when debuild is installed

parent c16f492c
Show whitespace changes
Inline Side-by-side
manifests/sudo.pp
View file @ f3bdae3a
...@@ -8,6 +8,9 @@ ...@@ -8,6 +8,9 @@
# $timeout: how long (in minutes) between requiring a new Duo re-auth. # $timeout: how long (in minutes) between requiring a new Duo re-auth.
# Default: 30 # Default: 30
# #
# $debuild: set this true if you need to set up a debuild environment.
# Default: false
#
# Example. # Example.
# To install sudo with no Duo support: # To install sudo with no Duo support:
# #
...@@ -35,6 +38,7 @@ class base::sudo( ...@@ -35,6 +38,7 @@ class base::sudo(
$duo = false, $duo = false,
$duo_sudoers = [], $duo_sudoers = [],
$timeout = 30, $timeout = 30,
$debuild = false,
){ ){
package { 'sudo': package { 'sudo':
ensure => installed ensure => installed
......
templates/sudo/etc/pam.d/sudo.erb
View file @ f3bdae3a
...@@ -14,3 +14,10 @@ account include common-auth ...@@ -14,3 +14,10 @@ account include common-auth
password include common-auth password include common-auth
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
<%- if (@debuild) then -%>
# Instead of including the stock common-session-noninteractive we
# use parts of it, overriding minimum_uid for pam_afs_session
# so that sudo will be able to get AFS tokens (helps with cowbuilder)
session optional pam_krb5.so minimum_uid=1000
session optional pam_afs_session.so minimum_uid=0
<%- end -%>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment