Allow specification of wallet object name

Allow specification of the name of the wallet object.  This allows
duo to be used on a cluster of systems without requiring a duo
integration for each host.

NEWS

+release/001.005 (2015-04-07)
+
+    Allow specification of the name of the wallet object.  This allows 
+    duo to be used on a cluster of systems without requiring a duo
+    integration for each host.  (whm)
+
 release/001.004 (2015-03-13)
 
     Correct host reference in wallet resource in the pam_duo::gssapi

manifests/gssapi.pp

@@ -8,7 +8,8 @@
 # expected that this will ever need to be specified.
 
 class pam_duo::gssapi (
-  $port = ['22', '44']
+  $port        = ['22', '44'],
+  $wallet_name = $::fqdn
 ) {
 
   class { 'pam_duo::gssapi::ssh': port => $port }
@@ -34,10 +35,9 @@ class pam_duo::gssapi (
     source => "$etc/pam.d/sshd_gssapi",
   }
 
-  # Install the duo configuration.  Right now this object must be
-  # pre-created.  The object is not written to the default loaction
-  # because base::wallet will not over write the configuration file
-  # supplied with the package install.
+  # Install the duo configuration.  The object is not written to the
+  # default loaction because base::wallet will not over write the
+  # configuration file supplied with the package install.
   base::wallet { $::fqdn_lc:
     ensure  => present,
     type    => 'duo-pam',

manifests/init.pp

@@ -6,9 +6,28 @@
 #
 # While the define does accept the fdqn for the host it is not
 # expected that this will ever need to be specified.
+#
+# Examples
+#
+# The simplest way to use the pam_duo class is to just include it.
+# This pulls the DUO integration down using wallet and associated
+# with the host.
+#
+#  include pam_duo
+#
+# For clusters creating a DUO integration for each host is over kill.
+# The following example specifies a cluster name for the wallet
+# object and allows ssh connections to ports 22 and 44.
+#
+#  class { 'pam_duo':
+#    port        => ['22', '44'],
+#    wallet_name => 'host/cluster.stanford.edu',
+#  }
+
 
 class pam_duo (
-  $port = ['22']
+  $port        = ['22'],
+  $wallet_name = $::fqdn
 ) {
   class { 'pam_duo::ssh': port => $port }
 
@@ -41,11 +60,10 @@ class pam_duo (
     source => "$etc/pam.d/sshd_both",
   }
 
-  # Install the duo configuration.  Right now this object must be
-  # pre-created.  The object is not written to the default loaction
-  # because base::wallet will not over write the configuration file
-  # supplied with the package install.
-  base::wallet { $::fqdn_lc:
+  # Install the duo configuration.  The object is not written to the
+  # default loaction because base::wallet will not over write the
+  # configuration file supplied with the package install.
+  base::wallet { $wallet_name:
     ensure  => present,
     type    => 'duo-pam',
     path    => '/etc/security/pam_duo_su.conf',

manifests/password.pp

@@ -15,7 +15,8 @@
 #     class { 'pam_duo::password': port => '22,44' }
 
 class pam_duo::password (
-  $port = ['22', '44']
+  $port        = ['22', '44'],
+  $wallet_name = $::fqdn
 ) {
   class { 'pam_duo::password::ssh': port => $port }
 
@@ -40,10 +41,9 @@ class pam_duo::password (
     source => "$etc/pam.d/sshd_password",
   }
 
-  # Install the duo configuration.  Right now this object must be
-  # pre-created.  The object is not written to the default loaction
-  # because base::wallet will not over write the configuration file
-  # supplied with the package install.
+  # Install the duo configuration.  The object is not written to the
+  # default loaction because base::wallet will not over write the
+  # configuration file supplied with the package install.
   base::wallet { $::fqdn_lc:
     ensure  => present,
     type    => 'duo-pam',