Puppet Class: pam::pwquality

Defined in:

manifests/pwquality.pp

Summary

Manage pwquality.conf

Overview

Examples:

This class is included by the pam class for platforms which use it.

Parameters:

• config_file (Stdlib::Absolutepath) (defaults to: '/etc/security/pwquality.conf') —

  Path to pwquality.conf.

• config_file_owner (String[1]) (defaults to: 'root') —

  Owner for pwquality.conf

• config_file_group (String[1]) (defaults to: 'root') —

  Group for pwquality.conf

• config_file_mode (Stdlib::Filemode) (defaults to: '0644') —

  Mode for config_file.

• config_file_source (Optional[Stdlib::Filesource]) (defaults to: undef) —

  String with source path to a pwquality.conf

• config_file_template (String[1]) (defaults to: 'pam/pwquality.conf.erb') —

  Template to render pwquality.conf

• config_d_dir (Stdlib::Absolutepath) (defaults to: '/etc/security/pwquality.conf.d') —

  Path to pwquality.conf.d directory.

• config_d_dir_owner (String[1]) (defaults to: 'root') —

  Owner for pwquality.conf.d

• config_d_dir_group (String[1]) (defaults to: 'root') —

  Group for pwquality.conf.d

• config_d_dir_mode (Stdlib::Filemode) (defaults to: '0755') —

  Mode for pwquality.conf.d

• purge_config_d_dir (Boolean) (defaults to: true) —

  Boolean to purge the pwquality.conf.d directory.

• purge_config_d_dir_ignore (Optional[Variant[String[1], Array[String[1]]]]) (defaults to: undef) —

  A glob or array of file names to ignore when purging pwquality.conf.d

• difok (Integer[0]) (defaults to: 1) —

  The pwquality.conf ‘difok’ option

• minlen (Integer[6]) (defaults to: 8) —

  The pwquality.conf ‘minlen’ option

• dcredit (Integer) (defaults to: 0) —

  The pwquality.conf ‘dcredit’ option

• ucredit (Integer) (defaults to: 0) —

  The pwquality.conf ‘ucredit’ option

• lcredit (Integer) (defaults to: 0) —

  The pwquality.conf ‘lcredit’ option

• ocredit (Integer) (defaults to: 0) —

  The pwquality.conf ‘ocredit’ option

• minclass (Integer[0]) (defaults to: 0) —

  The pwquality.conf ‘minclass’ option

• maxrepeat (Integer[0]) (defaults to: 0) —

  The pwquality.conf ‘maxrepeat’ option

• maxsequence (Integer[0]) (defaults to: 0) —

  The pwquality.conf ‘maxsequence’ option

• maxclassrepeat (Integer[0]) (defaults to: 0) —

  The pwquality.conf ‘maxclassrepeat’ option

• gecoscheck (Integer[0]) (defaults to: 0) —

  The pwquality.conf ‘gecoscheck’ option

• dictcheck (Integer[0]) (defaults to: 1) —

  The pwquality.conf ‘dictcheck’ option

• usercheck (Integer[0]) (defaults to: 1) —

  The pwquality.conf ‘usercheck’ option

• usersubstr (Integer[0]) (defaults to: 0) —

  The pwquality.conf ‘usersubstr’ option

• enforcing (Integer[0]) (defaults to: 1) —

  The pwquality.conf ‘enforcing’ option

• badwords (Optional[Array[String[1]]]) (defaults to: undef) —

  The pwquality.conf ‘badwords’ option

• dictpath (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

  The pwquality.conf ‘dictpath’ option

• retry (Integer[0]) (defaults to: 1) —

  The pwquality.conf ‘retry’ option

• enforce_for_root (Optional[Boolean]) (defaults to: undef) —

  The pwquality.conf ‘enforce_for_root’ option

• local_users_only (Optional[Boolean]) (defaults to: undef) —

  The pwquality.conf ‘local_users_only’ option

# File 'manifests/pwquality.pp', line 72

class pam::pwquality (
  Stdlib::Absolutepath $config_file = '/etc/security/pwquality.conf',
  String[1] $config_file_owner = 'root',
  String[1] $config_file_group = 'root',
  Stdlib::Filemode $config_file_mode = '0644',
  Optional[Stdlib::Filesource] $config_file_source = undef,
  String[1] $config_file_template = 'pam/pwquality.conf.erb',
  Stdlib::Absolutepath $config_d_dir = '/etc/security/pwquality.conf.d',
  String[1] $config_d_dir_owner = 'root',
  String[1] $config_d_dir_group = 'root',
  Stdlib::Filemode $config_d_dir_mode = '0755',
  Boolean $purge_config_d_dir = true,
  Optional[Variant[String[1], Array[String[1]]]] $purge_config_d_dir_ignore = undef,
  Integer[0] $difok = 1,
  Integer[6] $minlen = 8,
  Integer $dcredit = 0,
  Integer $ucredit = 0,
  Integer $lcredit = 0,
  Integer $ocredit = 0,
  Integer[0] $minclass = 0,
  Integer[0] $maxrepeat = 0,
  Integer[0] $maxsequence = 0,
  Integer[0] $maxclassrepeat = 0,
  Integer[0] $gecoscheck = 0,
  Integer[0] $dictcheck = 1,
  Integer[0] $usercheck = 1,
  Integer[0] $usersubstr = 0,
  Integer[0] $enforcing = 1,
  Optional[Array[String[1]]] $badwords = undef,
  Optional[Stdlib::Absolutepath] $dictpath = undef,
  Integer[0] $retry = 1,
  Optional[Boolean] $enforce_for_root = undef,
  Optional[Boolean] $local_users_only = undef,
) {
  include pam

  if $config_file_source {
    $_config_file_content = undef
  } else {
    $_config_file_content = template($config_file_template)
  }

  file { 'pwquality.conf':
    ensure  => 'file',
    path    => $config_file,
    owner   => $config_file_owner,
    group   => $config_file_group,
    mode    => $config_file_mode,
    source  => $config_file_source,
    content => $_config_file_content,
    require => Package[$pam::package_name],
  }

  file { 'pwquality.conf.d':
    ensure  => 'directory',
    path    => $config_d_dir,
    owner   => $config_d_dir_owner,
    group   => $config_d_dir_group,
    mode    => $config_d_dir_mode,
    purge   => $purge_config_d_dir,
    recurse => $purge_config_d_dir,
    ignore  => $purge_config_d_dir_ignore,
    require => Package[$pam::package_name],
  }
}