Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
- CentOS,RedHat,Debian,Ubuntu
Start using this module
Add this module to your Puppetfile:
mod 'iu-duo_unix', '0.1.0'Learn more about managing modules with a PuppetfileDocumentation
duo_unix
The duo_unix module handles the deployment of duo_unix (login_duo or
pam_duo) across a range of Linux distributions. The module will handle
repository dependencies, installation of the duo_unix package, configuration
of OpenSSH, and PAM alterations as needed.
For further information about duo_unix, view the official documentation.
Table of Contents
- Description
- Setup - The basics of getting started with duo_unix
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
Description
The duo_unix Puppet module installs and manages duo_unix (login_duo or pam_duo).
This module is meant to be a drop-in replacement for the abandoned official puppet module.
Setup
What duo_unix affects
This module will add the official Duo Inc. repository. It will also then install the appropriate package(s) for your system.
It will also optionally alter some files on your system to help ensure that user login attempts will correctly require Duo to succeed.
If usage is set to login, it will set the following directives in
/etc/ssh/sshd_config
ForceCommand /usr/sbin/login_duo
PermitTunnel no
AllowTcpForwarding no
If usage is set to pam, it will alter your pam config. Those changes are
distribution-specific. To see exactly what is changed, please refer to the
manifests/pam_config.pp file.
Setup Requirements
This module requires some additional modules, but it is highly likely that they are already installed on your puppet server. They are as follows:
puppetlabs/apt6.0 - 7.0puppetlabs/augeas_core1.0 - 2.0puppetlabs/stdlib5.0 - 6.0puppetlabs/translate1.0 - 2.0puppetlabs/yumrepo_core1.0 - 2.0
Beginning with duo_unix
The very basic steps needed for a user to get the module up and running. This can include setup steps, if necessary, or it can be an example of the most basic use of the module.
Usage
class { 'duo_unix':
usage => 'login',
ikey => 'your integration key',
skey => 'your secret key',
host => 'api-yourhost.duosecurity.com',
motd => 'yes',
}
Limitations
In the past the official Duo module supported various RedHat derivatives. This module currently makes no attempt to support them.
Dependencies
- puppetlabs/apt (>= 6.0 < 7.0)
- puppetlabs/augeas_core (>= 1.0 < 2.0)
- puppetlabs/stdlib (>= 5.0 < 6.0)
- puppetlabs/translate (>= 1.0 < 2.0)
- puppetlabs/yumrepo_core (>= 1.0 < 2.0)
BSD 3-Clause License Copyright (c) 2019, Indiana University All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.