From 9c4e16f052047bf05efdec6f475e99aa8b527eff Mon Sep 17 00:00:00 2001
From: Karl Kornel <akkornel@stanford.edu>
Date: Mon, 7 Dec 2015 17:02:55 -0800
Subject: [PATCH] Stop overriding common PAM files with Debian jessie.

Debian jessie introduced pam-auth-update, which packages call when they have
bits of common PAM configuration.
---
 NEWS                    |  4 ++++
 manifests/pam/debian.pp | 28 ++++++++++++++++------------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/NEWS b/NEWS
index 28330fd..e7d9b87 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+UNRELEASED
+
+    [pam] Stop overriding common PAM files with Debian jessie. (akkornel)
+
 release/004.056 (2015-11-05)
 
     [sudo] Add an option to support sudo-with-Duo. (adamhl)
diff --git a/manifests/pam/debian.pp b/manifests/pam/debian.pp
index dfbdbd4..7d96a8a 100644
--- a/manifests/pam/debian.pp
+++ b/manifests/pam/debian.pp
@@ -5,18 +5,22 @@
 class base::pam::debian {
   package { 'libpam-krb5': ensure => present }
   package { 'libpam-afs-session': ensure => present }
-  file {
-    '/etc/pam.d/common-auth':
-      source  => 'puppet:///modules/base/pam/etc/pam.d/common-auth',
-      require => [ Package['libpam-afs-session'],
-                   Package['libpam-krb5'] ];
-   '/etc/pam.d/common-account':
-      source  => 'puppet:///modules/base/pam/etc/pam.d/common-account',
-      require => [ Package['libpam-krb5'] ];
-   '/etc/pam.d/common-session':
-      source  => 'puppet:///modules/base/pam/etc/pam.d/common-session',
-      require => [ Package['libpam-afs-session'],
-                   Package['libpam-krb5'] ];
+
+  # Starting with Debian jessie, pam-auth-update manages the common PAM files.
+  if ($::lsdbmajdistrelease < 8) {
+    file {
+      '/etc/pam.d/common-auth':
+        source  => 'puppet:///modules/base/pam/etc/pam.d/common-auth',
+        require => [ Package['libpam-afs-session'],
+                     Package['libpam-krb5'] ];
+     '/etc/pam.d/common-account':
+        source  => 'puppet:///modules/base/pam/etc/pam.d/common-account',
+        require => [ Package['libpam-krb5'] ];
+     '/etc/pam.d/common-session':
+        source  => 'puppet:///modules/base/pam/etc/pam.d/common-session',
+        require => [ Package['libpam-afs-session'],
+                     Package['libpam-krb5'] ];
+    }
   }
 }
 
-- 
GitLab