Hello all,

I'm trying to configure the pam.d/password-auth file with the pam
augeasprovider from herculesteam
<https://forge.puppetlabs.com/herculesteam/augeasproviders_pam/>. I'm
running an RH6 system with puppet 3.7 and version 2.1 of augeasprovider.

I'd like to configure pam from a list of groups. Something like:

class::allowed:
 - groupA
 - groupB
 - groupC


and the result should be:

account     [default=ignore success=3]   pam_succeed_if.so uid < 1000 quiet
account     [default=ignore success=2]   pam_succeed_if.so user ingroup groupA
account     [default=ignore success=1]   pam_succeed_if.so user ingroup groupB
account     [default=bad success=ignore] pam_succeed_if.so user ingroup groupC

I should configure some entries like:

    pam {
      'Add account in system-auth 1' :
        ensure           => present,
        service          => 'system-auth',
        type             => 'account',
        control          => '[default=ignore success=2] ',
        control_is_param => true,
        module           => 'pam_succeed_if.so',
        arguments        => ['uid < 1000 quiet'];

      'Add account in system-auth 2' :
        ensure           => present,
        service          => 'system-auth',
        type             => 'account',
        control          => '[default=ignore success=1] ',
        control_is_param => true,
        module           => 'pam_succeed_if.so',
        arguments        => ['user ingroup groupA'];
    }

and so on...


I need some iteration when creating the pam entries, as the "success" value
is based on the number of entries in $allowed. And also some case/if for the
first/last entry.

I've been looking for a way and found something like "recursion in puppet
<https://ttboj.wordpress.com/2012/11/20/recursion-in-puppet-for-no-particular-reason/>",
or even using a file template and adding some ruby, but I'm wondering if there
is another approach for this problem using augeasproviders_pam. And
upgrading to puppet 4 is not an option.


Thanks in advance,
Arnau
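
The jump-offset calculation asked about above, as an added example that is not part of the original post and is not code from augeasproviders_pam. It is plain Ruby; the function names `account_entries` and `render_account_lines`, the `min_uid` parameter and the group-name pattern are assumptions made for the illustration.

```ruby
# Added example: compute the pam_succeed_if account stack for a group allow-list.
# GROUP_NAME is an assumed pattern; adjust it to the site's naming rules.
GROUP_NAME = /\A[A-Za-z_][A-Za-z0-9_.-]*\z/

# Returns one hash per PAM line, in stack order. success=N makes PAM skip the
# next N modules, so every matching rule jumps past the remaining group checks.
def account_entries(groups, min_uid = 1000)
  groups = Array(groups)
  # An empty list would leave no denying rule at all, so refuse to build it.
  raise ArgumentError, 'allowed group list is empty' if groups.empty?
  groups.each do |g|
    # A name with whitespace or a newline would add arguments or whole lines.
    raise ArgumentError, "invalid group name: #{g.inspect}" unless g.to_s =~ GROUP_NAME
  end

  # First line: accounts below min_uid skip every group check.
  entries = [{ 'control'   => "[default=ignore success=#{groups.size}]",
               'arguments' => ['uid', '<', Integer(min_uid).to_s, 'quiet'] }]
  groups.each_with_index do |group, i|
    remaining = groups.size - 1 - i
    control = if remaining.zero?
                '[default=bad success=ignore]' # last check: no match means deny
              else
                "[default=ignore success=#{remaining}]"
              end
    entries << { 'control' => control, 'arguments' => ['user', 'ingroup', group.to_s] }
  end
  entries
end

# Renders the entries as account lines in the layout shown in the post.
def render_account_lines(groups, min_uid = 1000)
  account_entries(groups, min_uid).map do |e|
    format('account     %-28s pam_succeed_if.so %s', e['control'], e['arguments'].join(' '))
  end
end

if __FILE__ == $PROGRAM_NAME
  puts render_account_lines(%w[groupA groupB groupC]) # constructed sample input
end
```

Each hash carries the `control` and `arguments` values for one entry; the order of the array is the order the lines must have in the PAM file.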
