Newer
Older
# Install /etc/pam.d/sshd.
# If $pam_duo is set to true, use a pam stack that requires Duo for
# regular logins.
#
# Currently, only Debian is supported when $pam_duo is true.
class ssh::pam (
$pam_duo = false
){
# Configure PAM for sshd on RHEL 6.
if ($::lsbdistcodename == 'santiago') {
file { '/etc/pam.d/sshd':
ensure => link,
target => '/etc/pam.d/system-auth',
}
} elsif ($pam_duo) {
if ($::osfamily =~ /Debian/) {
file {'/etc/pam.d/sshd':
ensure => present,
content => template('base/ssh/etc/pam.d/sshd.erb'),
}
} else {
fail("cannot call ssh::pam with pam_duo true under OS '$::osfamily'")
}
}
}