Puppet Class: sssd::service::pam

Defined in:
manifests/service/pam.pp

Overview

Parameters:

  • description (Optional[String]) (defaults to: undef)
  • debug_level (Optional[Sssd::DebugLevel]) (defaults to: undef)
  • debug_timestamps (Boolean) (defaults to: true)
  • debug_microseconds (Boolean) (defaults to: false)
  • pam_cert_auth (Boolean) (defaults to: false)
  • reconnection_retries (Integer) (defaults to: 3)
  • command (Optional[String]) (defaults to: undef)
  • offline_credentials_expiration (Integer) (defaults to: 0)
  • offline_failed_login_attempts (Integer) (defaults to: 3)
  • offline_failed_login_delay (Integer) (defaults to: 5)
  • pam_verbosity (Integer) (defaults to: 1)
  • pam_id_timeout (Integer) (defaults to: 5)
  • pam_pwd_expiration_warning (Integer) (defaults to: 7)
  • get_domains_timeout (Optional[Integer]) (defaults to: undef)
  • pam_trusted_users (Optional[String]) (defaults to: undef)
  • pam_public_domains (Optional[String]) (defaults to: undef)
  • custom_options (Optional[Hash]) (defaults to: undef)

Author:



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'manifests/service/pam.pp', line 36

class sssd::service::pam (
  Optional[String]             $description                    = undef,
  Optional[Sssd::DebugLevel]   $debug_level                    = undef,
  Boolean                      $debug_timestamps               = true,
  Boolean                      $debug_microseconds             = false,
  Boolean                      $pam_cert_auth                  = false,
  Integer                      $reconnection_retries           = 3,
  Optional[String]             $command                        = undef,
  Integer                      $offline_credentials_expiration = 0,
  Integer                      $offline_failed_login_attempts  = 3,
  Integer                      $offline_failed_login_delay     = 5,
  Integer                      $pam_verbosity                  = 1,
  Integer                      $pam_id_timeout                 = 5,
  Integer                      $pam_pwd_expiration_warning     = 7,
  Optional[Integer]            $get_domains_timeout            = undef,
  Optional[String]             $pam_trusted_users              = undef,
  Optional[String]             $pam_public_domains             = undef,
  Optional[Hash]               $custom_options                 = undef,
) {
  if $custom_options {
    $_content = epp(
      "${module_name}/service/custom_options.epp",
      {
        'service_name' => 'pam',
        'options'      => $custom_options,
      },
    )
  } else {
    # Build configuration lines in order (matching expected test output)
    # Debug settings
    $description_line = $description ? { undef => [], default => ["description = ${description}"] }
    $debug_level_line = $debug_level ? { undef => [], default => ["debug_level = ${debug_level}"] }
    $debug_timestamps_line = ["debug_timestamps = ${debug_timestamps}"]
    $debug_microseconds_line = ["debug_microseconds = ${debug_microseconds}"]

    # Connection settings
    $reconnection_retries_line = ["reconnection_retries = ${reconnection_retries}"]
    $command_line = $command ? { undef => [], default => ["command = ${command}"] }

    # Offline settings
    $offline_credentials_expiration_line = ["offline_credentials_expiration = ${offline_credentials_expiration}"]
    $offline_failed_login_attempts_line = ["offline_failed_login_attempts = ${offline_failed_login_attempts}"]
    $offline_failed_login_delay_line = ["offline_failed_login_delay = ${offline_failed_login_delay}"]

    # PAM-specific settings
    $pam_verbosity_line = ["pam_verbosity = ${pam_verbosity}"]
    $pam_id_timeout_line = ["pam_id_timeout = ${pam_id_timeout}"]
    $pam_pwd_expiration_warning_line = ["pam_pwd_expiration_warning = ${pam_pwd_expiration_warning}"]
    $pam_cert_auth_line = $pam_cert_auth ? { true => ['pam_cert_auth = True'], false => [] }

    # Optional settings
    $get_domains_timeout_line = $get_domains_timeout ? { undef => [], default => ["get_domains_timeout = ${get_domains_timeout}"] }
    $pam_trusted_users_line = $pam_trusted_users ? { undef => [], default => ["pam_trusted_users = ${pam_trusted_users}"] }
    $pam_public_domains_line = $pam_public_domains ? { undef => [], default => ["pam_public_domains = ${pam_public_domains}"] }

    # Combine all lines in order
    $config_lines = (
      $description_line +
      $debug_level_line +
      $debug_timestamps_line +
      $debug_microseconds_line +
      $reconnection_retries_line +
      $command_line +
      $offline_credentials_expiration_line +
      $offline_failed_login_attempts_line +
      $offline_failed_login_delay_line +
      $pam_verbosity_line +
      $pam_id_timeout_line +
      $pam_pwd_expiration_warning_line +
      $get_domains_timeout_line +
      $pam_trusted_users_line +
      $pam_public_domains_line +
      $pam_cert_auth_line
    )

    # Join all configuration lines
    $content = (['# sssd::service::pam'] + $config_lines).join("\n")

    $_content = epp(
      "${module_name}/generic.epp",
      {
        'title'   => 'pam',
        'content' => $content,
      },
    )
  }

  sssd::config::entry { 'puppet_service_pam':
    content => $_content,
  }
}