search

voxpupuli / puppet-augeasproviders_pam

Augeas-based PAM type and provider for Puppet
Other
5 stars 21 forks source link

Issue with position => 'before first' in Debian #20

Closed Bremma closed 3 years ago

Bremma commented 6 years ago

Below are the contents of my site.pp file where I am testing getting the addition of the following 4 pam lines working in an sshd file. These commands work fine in my CentOS files, and need to been in this specific order. When used in my debian files, sepermit.so shows at the bottom of the file. Even when attempting to place it before the first module in the file (in this case nologin.so) it still drops to the bottom. Is there a known issue or workaround for this?

pam {"sshd pam_sepermit":
        ensure => positioned,
        service => 'sshd',
        type => 'auth',
        control => 'required',
        module => 'pam_sepermit.so',
        position => 'before first',
}
pam {"sshd pam_succeed itadmins":
        ensure => positioned,
        service => 'sshd',
        type => 'auth',
        control => '[success=2 default=ignore]',
        control_is_param => true,
        module => 'pam_succeed_if.so',
        arguments => ['user', 'ingroup', 'itadmins'],
        position => 'after module pam_sepermit.so',
}
pam {"sshd pam_succeed local_users":
        ensure => positioned,
        service => 'sshd',
        type => 'auth',
        control => '[success=1 default=ignore]',
        control_is_param => true,
        module => 'pam_succeed_if.so',
        arguments => ['user', 'ingroup', 'local_users'],
        position => 'after module pam_succeed_if.so',
}
pam {"sshd pam_radius":
        ensure => positioned,
        service => 'sshd',
        type => 'auth',
        control => 'required',
        module => 'pam_radius_auth.so',
        position => 'after *[control="[success=1 default=ignore]"]',
}
kenyon commented 4 years ago

Looks like the same as issue #10.

raphink commented 3 years ago

It looks like it indeed, thanks @kenyon