A Puppet module for managing PAM

Johan Lyheden



8,223 latest version

4.6 quality score

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Sep 21st 2015
This version is compatible with:
  • Debian

Start using this module

Tags: pam


jpl/pam — version 0.2.0 Sep 21st 2015

Module: pam

Build Status

This is the Puppet module for managing PAM - Pluggable Authentication Module.


Usage: pam

The base pam module is not particularly useful, it ensures that the base pam packages are installed - which they are by default anyway.

include pam

Usage: pam ldap

To install the ldap pam packages and enable them in the system pam configuration section:

include pam::ldap

Usage: pam mkhomedir

To enable automatic creation of user home directories:

include pam::mkhomedir

Custom settings can be provided for umask and skeleton directory:

class { 'pam::mkhomedir':
    ensure => present,
    umask  => '0022',
    skel   => '/etc/skel'

Usage: pam access

To control server access via the PAM access module:

include pam::access

Custom settings can be applied, like delimiter character (which is useful when handling groups with whitespaces - Domain Admins for example), and other settings. See access.pp for details:

class { 'pam::access':
    ensure     => present,
    accessfile => '/etc/security/access.conf',
    debug      => true,
    listsep    => ',',

To manage individual access entries in access.conf:

pam::access::entry { 'allow_domain_users_group':
    ensure      => present,
    object      => 'Domain Users',
    object_type => 'group',
    permission  => 'allow',
    origins     => 'ALL',