Newer
Older
# Set up Duo. Note that this class does not _enable_ Duo for any service,
# rather, it simply downloads the pam_duo software and the appropriate
# wallet files that allow Duo to be used.
# See base::sudo and base::ssh for services that leverage this class.
# wallet_name: the name for the duo wallet object. Defaults to the
# fully-qualified domain name of the host.
class base::duo(
$wallet_name = $::fqdn
){
# Pull in Duo's PAM integration package
package { 'libpam-duo': ensure => present }
# Install the duo configuration. The object is not written to the
# default loaction because base::wallet will not overwrite the
# configuration file supplied with the package install.
$wallet_name_downcase = downcase($wallet_name)
base::wallet { $wallet_name_downcase:
ensure => present,
type => 'duo-pam',
path => '/etc/security/pam_duo_su.conf',
require => Package['libpam-duo'],
}
}