pam.d/sudo handling

diff --git a/modules/sudo/files/common/pam b/modules/sudo/files/common/pam
new file mode 100644 (file)
index 0000000..a6a2375
--- /dev/null
+++ b/modules/sudo/files/common/pam
@@ -0,0 +1,12 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+#%PAM-1.0
+
+auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd
+auth required pam_unix.so nullok_secure try_first_pass
+@include common-account
+
+session required pam_permit.so
+session required pam_limits.so

diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index d6705dd21e146c25ee37c94fce586c0126d95989..9e1024ce0188b694451d10b436057e40fe09755c 100644 (file)
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -7,6 +7,13 @@ class sudo {
                mode    => 440,
                source  => [ "puppet:///sudo/per-host/$fqdn/sudoers",
                             "puppet:///sudo/common/sudoers" ],
-               require => Package["sudo"],
+               require => Package["sudo"]
+                ;
+              "/etc/pam.d/sudo":
+               source  => [ "puppet:///sudo/per-host/$fqdn/pam",
+                            "puppet:///sudo/common/pam" ],
+               require => Package["sudo"]
+                ;
+
        }
 }