Merge pull request voxpupuli#120 from jyaworski/add_pam_support

Add pam support to authentication

Author: Liam Bennett

manifests/params.pp

@@ -157,6 +157,15 @@
       'auth_users'     => {},
       'file'           => '/etc/rundeck/realm.properties'
     },
+    'pam' => {
+      'service'            => 'sshd',
+      'supplemental_roles' => 'user',
+      'store_pass'         => true,
+      'clear_pass'         => undef,
+      'try_first_pass'     => undef,
+      'use_first_pass'     => undef,
+      'use_unix_groups'    => undef,
+    },
     'ldap' => {
       'server'                  => undef,
       'port'                    => '389',

templates/_auth_pam.erb

@@ -0,0 +1,17 @@
+org.rundeck.jaas.jetty.JettyPamLoginModule requisite
+  debug="true"
+  service="<%= @auth_config['pam']['service'] %>"
+  supplementalRoles="<%= @auth_config['pam']['supplemental_roles'] %>"
+<%- if @auth_config['pam']['clear_pass'] != :undef -%>
+  clearPass="<%= @auth_config['pam']['clear_pass'] %>"
+<%- end -%>
+<%- if @auth_config['pam']['try_first_pass'] != :undef -%>
+  tryFirstPass="<%= @auth_config['pam']['try_first_pass'] %>"
+<%- end -%>
+<%- if @auth_config['pam']['use_first_pass'] != :undef -%>
+  useFirstPass="<%= @auth_config['pam']['use_first_pass'] %>"
+<%- end -%>
+<%- if @auth_config['pam']['use_unix_groups'] != :undef -%>
+  useUnixGroups="<%= @auth_config['pam']['use_unix_groups'] %>"
+<%- end -%>
+  storePass="<%= @auth_config['pam']['store_pass'] %>";

templates/jaas-auth.conf.erb

@@ -6,6 +6,8 @@ authentication {
   <%=     scope.function_template(['rundeck/_auth_ldap.erb']) %>
   <%-   when 'active_directory' -%>
   <%=     scope.function_template(['rundeck/_auth_ad.erb']) %>
+  <%-   when 'pam' -%>
+  <%=     scope.function_template(['rundeck/_auth_pam.erb']) %>
   <%-   when 'file' -%>
   <%=     scope.function_template(['rundeck/_auth_file.erb']) %>
   <%-   else