Puppet Class: pam::accesslogin

Inherits:
pam
Defined in:
manifests/accesslogin.pp

Summary

Manage login access. See PAM_ACCESS(8).

Overview

Examples:

This class is included by the pam class for platforms which use it.

Parameters:

  • access_conf_path (Stdlib::Absolutepath) (defaults to: '/etc/security/access.conf')

    Path to access.conf.

  • access_conf_owner (String) (defaults to: 'root')

    Owner of access.conf.

  • access_conf_group (String) (defaults to: 'root')

    Group of access.conf.

  • access_conf_mode (Stdlib::Filemode) (defaults to: '0644')

    Mode of access.conf.

  • access_conf_template (String) (defaults to: 'pam/access.conf.erb')

    Content template of access.conf.

  • allowed_users (Variant[Array, Hash, String]) (defaults to: $pam::allowed_users)

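    String, Array or Hash of strings and/or arrays to configure users and origins in access.conf. A String or the elements of an Array are entries that are allowed from origin ‘ALL’; a Hash maps each entry to its origin, given as a String or as an Array of origins that is joined with spaces, and any other value falls back to ‘ALL’. Because ‘ALL’ matches every origin, use the Hash form to restrict an entry to specific origins. The default allows the root user/group from origin ‘ALL’.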



# File 'manifests/accesslogin.pp', line 27

class pam::accesslogin (
  Stdlib::Absolutepath $access_conf_path      = '/etc/security/access.conf',
  String $access_conf_owner                   = 'root',
  String $access_conf_group                   = 'root',
  Stdlib::Filemode $access_conf_mode          = '0644',
  String $access_conf_template                = 'pam/access.conf.erb',
  Variant[Array, Hash, String] $allowed_users = $pam::allowed_users,
) inherits pam {
  # Normalise $allowed_users into $allowed_users_hash (entry => origin string):
  #   String -> that single entry, origin 'ALL'
  #   Array  -> every element, origin 'ALL'
  #   Hash   -> entry => origin; an Array origin is joined with spaces and any
  #             value that is neither String nor Array falls back to 'ALL'
  # 'ALL' is the widest origin, so use the Hash form wherever an entry should
  # only be allowed from specific origins.
  # NOTE(review): entries and origins are passed through unvalidated. Presumably
  # the template writes them into colon-separated access.conf rules; confirm
  # that values containing ':' or line breaks cannot reach this class.
  if $allowed_users =~ String {
    $allowed_users_hash = { $allowed_users => 'ALL' }
  } elsif $allowed_users =~ Array {
    $allowed_users_hash = reduce($allowed_users, {}) |$acc, $user| {
      $acc + { $user => 'ALL' }
    }
  } else {
    # Reducing a Hash yields [key, value] pairs.
    $allowed_users_hash = reduce($allowed_users, {}) |$acc, $pair| {
      $user  = $pair[0]
      $value = $pair[1]
      if $value =~ String {
        $origin = $value
      } elsif $value =~ Array {
        $origin = join($value, ' ')
      } else {
        $origin = 'ALL'
      }
      $acc + { $user => $origin }
    }
  }

  # access.conf decides who may log in, so keep write access with root only;
  # Stdlib::Filemode itself does not stop a group- or world-writable mode from
  # being supplied. The ERB template is evaluated at catalog compilation and
  # should come from a trusted module. $allowed_users_hash is not used again in
  # this class; presumably the template reads it from class scope (verify
  # against the template).
  file { 'access_conf':
    ensure  => file,
    path    => $access_conf_path,
    owner   => $access_conf_owner,
    group   => $access_conf_group,
    mode    => $access_conf_mode,
    content => template($access_conf_template),
    # Manage the file only after the PAM package has been installed.
    require => Package[$pam::package_name],
  }
}