# pam_access

This is the pam_access module.

This module enables Puppet to manage the contents of ‘/etc/security/access.conf`.

## Classes

### ‘pam_access`

Parameters:

• ‘exec` = `true` (default), `false’

  If this parameter is set to ‘true`, the class will run an `authconfig` command to force an update after the `access.conf` file is changed.

## Defined Types

### ‘pam_access::entry`

Parameters:

• $create = true (default), false

  If $create is true, an access.conf entry will be created; otherwise, one (or more) will be removed.

• $user = username, (groupname), ALL (EXCEPT)

  Supply a valid user/group specification.

• $origin = tty, hostname, domainname, address, ALL, LOCAL

  Supply a valid origin specification.

• $group = true, false (default)

  If $group is true, the user specification $user will be interpreted as a group name.

Actions:

Creates an augeas resource to create or remove

Requires:

Augeas >= 0.8.0 (access.conf lens is not present in earlier releases)

Sample Usage:

pam_access::entry {
  "mailman-cron":
    user   => "mailman",
    origin => "cron";
  "root-localonly":
    permission => "-",
    user       => "root",
    origin     => "ALL EXCEPT LOCAL";
  "lusers-revoke-access":
    create => false,
    user   => "lusers",
    group  => true;
}