Defined Type: pam::service

Defined in:
manifests/service.pp

Summary

Manage PAM file for specific service.

Overview

The `pam::service` resource is reversible, so that any service that Puppet has locked using PAM can be unlocked by setting the resource ensure to absent and waiting for the next puppet run.

Examples:

pam::service { 'sudo':
  content => 'auth     required       pam_unix2.so',
}

Parameters:

  • ensure (Enum['present', 'absent']) (defaults to: 'present')

    Specifies whether a PAM service file should (present) or should not (absent) exist. The default is 'present'.

  • pam_config_dir (Stdlib::Absolutepath) (defaults to: '/etc/pam.d')

    Path to PAM files.

  • content (Optional[String]) (defaults to: undef)

    Content of the PAM file for the service. The content and lines parameters are mutually exclusive. Not setting either of these parameters will result in an empty service definition file.

  • lines (Optional[Array]) (defaults to: undef)

    Provides content for the PAM service file as an array of lines. The content and lines parameters are mutually exclusive. Not setting either of these parameters will result in an empty service definition file.
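The parameter combinations described above, as an added example that is not part of the module's own documentation. The service names (`myapp`, `legacy-daemon`, `old-service`) and the PAM lines are hypothetical, and it is assumed that the module's `pam/service.erb` template writes one array element per line.

```puppet
# Added example; service names and PAM lines are illustrative only.

# 1. Build /etc/pam.d/myapp from an array instead of a single string.
#    Assumption: pam/service.erb emits each element on its own line.
pam::service { 'myapp':
  lines => [
    'auth     required  pam_unix.so',
    'account  required  pam_unix.so',
    'session  required  pam_unix.so',
  ],
}

# 2. Lock a service with an empty definition file.
#    With neither content nor lines, the defined type passes
#    content => undef to the file resource. Puppet then creates an empty
#    file only if none exists; an existing file keeps its current content
#    because content is unmanaged. Passing an empty string (truthy in
#    Puppet 4 and later, so the `elsif $content` branch is taken) makes
#    Puppet enforce the empty file on every run.
pam::service { 'legacy-daemon':
  content => '',
}

# 3. Reverse a lock: the service file is removed on the next Puppet run.
pam::service { 'old-service':
  ensure => 'absent',
}

# 4. Invalid: content and lines together. Catalog compilation stops at
#    the fail() call in manifests/service.pp, so nothing is written.
# pam::service { 'broken':
#   content => 'auth required pam_deny.so',
#   lines   => ['auth required pam_deny.so'],
# }
```

After a run, compare the managed files in `/etc/pam.d` against the catalog; case 2 is the one where omitting `content` and setting it to `''` behave differently on a host that already has the file.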



# File 'manifests/service.pp', line 28

define pam::service (
  Enum['present', 'absent'] $ensure     = 'present',
  Stdlib::Absolutepath $pam_config_dir  = '/etc/pam.d',
  Optional[String] $content             = undef,
  Optional[Array] $lines                = undef
) {
  include pam

  case $ensure {
    'present': {
      $file_ensure = 'file'
    }
    default: {
      $file_ensure = 'absent'
    }
  }

  if $content and $lines {
    fail('pam::service expects one of the lines or contents parameters to be provided, but not both')
  } elsif $content {
    $my_content = $content
  } elsif $lines {
    $my_content = template('pam/service.erb')
  } else {
    $my_content = undef
  }

  file { "pam.d-service-${name}":
    ensure  => $file_ensure,
    path    => "${pam_config_dir}/${name}",
    content => $my_content,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
  }
}