Forge Home

pam

A Puppet module for managing PAM

9,649 downloads

8,974 latest version

4.6 quality score

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Sep 21st 2015
This version is compatible with:
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jpl-pam', '0.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jpl-pam
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jpl-pam --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: pam

Documentation

jpl/pam — version 0.2.0 Sep 21st 2015

Module: pam

Build Status

This is the Puppet module for managing PAM - Pluggable Authentication Module.

Dependencies

Usage: pam

The base pam module is not particularly useful, it ensures that the base pam packages are installed - which they are by default anyway.

include pam

Usage: pam ldap

To install the ldap pam packages and enable them in the system pam configuration section:

include pam::ldap

Usage: pam mkhomedir

To enable automatic creation of user home directories:

include pam::mkhomedir

Custom settings can be provided for umask and skeleton directory:

class { 'pam::mkhomedir':
    ensure => present,
    umask  => '0022',
    skel   => '/etc/skel'
}

Usage: pam access

To control server access via the PAM access module:

include pam::access

Custom settings can be applied, like delimiter character (which is useful when handling groups with whitespaces - Domain Admins for example), and other settings. See access.pp for details:

class { 'pam::access':
    ensure     => present,
    accessfile => '/etc/security/access.conf',
    debug      => true,
    listsep    => ',',
}

To manage individual access entries in access.conf:

pam::access::entry { 'allow_domain_users_group':
    ensure      => present,
    object      => 'Domain Users',
    object_type => 'group',
    permission  => 'allow',
    origins     => 'ALL',
}