From 5b253a550c34f448dd94fa5969bd8466bfde09ae Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Mon, 20 Apr 2009 00:06:35 +0100
Subject: [PATCH] pam.d/sudo handling

---
 modules/sudo/files/common/pam  | 12 ++++++++++++
 modules/sudo/manifests/init.pp |  9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 modules/sudo/files/common/pam

diff --git a/modules/sudo/files/common/pam b/modules/sudo/files/common/pam
new file mode 100644
index 00000000..a6a2375b
--- /dev/null
+++ b/modules/sudo/files/common/pam
@@ -0,0 +1,12 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+#%PAM-1.0
+
+auth [authinfo_unavail=ignore success=done ignore=ignore default=die] pam_pwdfile.so pwdfile=/var/lib/misc/thishost/sudo-passwd
+auth required pam_unix.so nullok_secure try_first_pass
+@include common-account
+
+session required pam_permit.so
+session required pam_limits.so
diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index d6705dd2..9e1024ce 100644
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -7,6 +7,13 @@ class sudo {
 		mode    => 440,
 		source  => [ "puppet:///sudo/per-host/$fqdn/sudoers",
 		             "puppet:///sudo/common/sudoers" ],
-		require => Package["sudo"],
+		require => Package["sudo"]
+                ;
+	       "/etc/pam.d/sudo":
+		source  => [ "puppet:///sudo/per-host/$fqdn/pam",
+		             "puppet:///sudo/common/pam" ],
+		require => Package["sudo"]
+                ;
+
 	}
 }
-- 
2.39.2