Skip to content
Snippets Groups Projects
Commit f3bdae3a authored by Adam Lewenberg's avatar Adam Lewenberg
Browse files

address sudo when debuild is installed

parent c16f492c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
manifests/sudo.pp
+ 4
0
View file @ f3bdae3a
...@@ -8,6 +8,9 @@ ...@@ -8,6 +8,9 @@
# $timeout: how long (in minutes) between requiring a new Duo re-auth. # $timeout: how long (in minutes) between requiring a new Duo re-auth.
# Default: 30 # Default: 30
# #
# $debuild: set this true if you need to set up a debuild environment.
# Default: false
#
# Example. # Example.
# To install sudo with no Duo support: # To install sudo with no Duo support:
# #
...@@ -35,6 +38,7 @@ class base::sudo( ...@@ -35,6 +38,7 @@ class base::sudo(
$duo = false, $duo = false,
$duo_sudoers = [], $duo_sudoers = [],
$timeout = 30, $timeout = 30,
$debuild = false,
){ ){
package { 'sudo': package { 'sudo':
ensure => installed ensure => installed
......
templates/sudo/etc/pam.d/sudo.erb
+ 7
0
View file @ f3bdae3a
...@@ -14,3 +14,10 @@ account include common-auth ...@@ -14,3 +14,10 @@ account include common-auth
password include common-auth password include common-auth
session optional pam_keyinit.so revoke session optional pam_keyinit.so revoke
session required pam_limits.so session required pam_limits.so
<%- if (@debuild) then -%>
# Instead of including the stock common-session-noninteractive we
# use parts of it, overriding minimum_uid for pam_afs_session
# so that sudo will be able to get AFS tokens (helps with cowbuilder)
session optional pam_krb5.so minimum_uid=1000
session optional pam_afs_session.so minimum_uid=0
<%- end -%>
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment