Merge pull request #33 from ghoneycutt/solaris11

Add support for Solaris 11
ghoneycutt · Oct 14, 2013 · b3e9a1a · b3e9a1a
2 parents f22d92f + a6fd613
commit b3e9a1a
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ This module has been tested to work on the following systems using Puppet v3 and
  * EL 5
  * EL 6
  * Solaris 10
+ * Solaris 11
  * Suse 10
  * Suse 11
  * Ubuntu 12.04 LTS
@@ -134,6 +135,12 @@ Content for PAM session. If undef, parameter is set based on the OS version.
 
 - *Default*: undef, default is set based on OS version
 
+pam_d_other_file
+----------------
+Path to other. Used on Suse.
+
+- *Default*: '/etc/pam.d/other'
+
 common_auth_file
 ----------------
 Path to common-auth. Used on Suse.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -21,6 +21,7 @@
   $pam_account_lines                   = undef,
   $pam_password_lines                  = undef,
   $pam_session_lines                   = undef,
+  $pam_d_other_file                    = '/etc/pam.d/other',
   $common_auth_file                    = '/etc/pam.d/common-auth',
   $common_auth_pc_file                 = '/etc/pam.d/common-auth-pc',
   $common_account_file                 = '/etc/pam.d/common-account',
@@ -199,8 +200,29 @@
 
           $default_pam_session_lines = ['other   session required        pam_unix_session.so.1']
         }
+
+        '5.11': {
+          $default_pam_auth_lines = ['auth definitive         pam_user_policy.so.1',
+                                      'auth requisite          pam_authtok_get.so.1',
+                                      'auth required           pam_dhkeys.so.1',
+                                      'auth required           pam_unix_auth.so.1',
+                                      'auth required           pam_unix_cred.so.1']
+
+          $default_pam_account_lines = ['account requisite       pam_roles.so.1',
+                                        'account definitive      pam_user_policy.so.1',
+                                        'account required        pam_unix_account.so.1',
+                                        'account required        pam_tsol_account.so.1']
+
+          $default_pam_password_lines = ['password definitive     pam_user_policy.so.1',
+                                          'password include        pam_authtok_common',
+                                          'password required       pam_authtok_store.so.1']
+
+          $default_pam_session_lines = ['session definitive      pam_user_policy.so.1',
+                                        'session required        pam_unix_session.so.1']
+        }
+
         default: {
-          fail("Pam is only supported on Solaris 10. Your kernelrelease is identified as <${::kernelrelease}>.")
+          fail("Pam is only supported on Solaris 10 and 11. Your kernelrelease is identified as <${::kernelrelease}>.")
         }
       }
     }
@@ -509,13 +531,30 @@
     }
 
     'solaris': {
-      file { 'pam_conf':
-        ensure  => file,
-        path    => $pam_conf_file,
-        owner   => 'root',
-        group   => 'sys',
-        mode    => '0644',
-        content => template('pam/pam.conf.erb'),
+      case $::kernelrelease {
+        '5.10': {
+          file { 'pam_conf':
+            ensure  => file,
+            path    => $pam_conf_file,
+            owner   => 'root',
+            group   => 'sys',
+            mode    => '0644',
+            content => template('pam/pam.conf.erb'),
+          }
+        }
+        '5.11': {
+          file { 'pam_other':
+            ensure  => file,
+            path    => $pam_d_other_file,
+            owner   => 'root',
+            group   => 'sys',
+            mode    => '0644',
+            content => template('pam/pam.conf.erb'),
+          }
+        }
+        default: {
+          fail("Pam is only supported on Solaris 10 and 11. Your kernelrelease is identified as <${::kernelrelease}>.")
+        }
       }
     }
     default: {

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -403,5 +403,47 @@
         })
       end
     end
+    context 'defaults on osfamily solaris with kernelrelease 5.11' do
+      let :facts do
+        {
+          :osfamily      => 'Solaris',
+          :kernelrelease => '5.11',
+        }
+      end
+
+      it do
+        should contain_file('pam_other').with({
+          'ensure'  => 'file',
+          'path'    => '/etc/pam.d/other',
+          'owner'   => 'root',
+          'group'   => 'sys',
+          'mode'    => '0644',
+        })
+        should contain_file('pam_other').with_content("# This file is being maintained by Puppet.
+# DO NOT EDIT
+# Auth
+auth definitive         pam_user_policy.so.1
+auth requisite          pam_authtok_get.so.1
+auth required           pam_dhkeys.so.1
+auth required           pam_unix_auth.so.1
+auth required           pam_unix_cred.so.1
+
+# Account
+account requisite       pam_roles.so.1
+account definitive      pam_user_policy.so.1
+account required        pam_unix_account.so.1
+account required        pam_tsol_account.so.1
+
+# Password
+password definitive     pam_user_policy.so.1
+password include        pam_authtok_common
+password required       pam_authtok_store.so.1
+
+# Session
+session definitive      pam_user_policy.so.1
+session required        pam_unix_session.so.1
+")
+      end
+    end
   end
 end