Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'iu-duo_unix', '2.1.1'Learn more about managing modules with a PuppetfileDocumentation
duo_unix
The duo_unix module handles the deployment of duo_unix (login_duo or
pam_duo) across a range of Linux distributions. The module will handle
repository dependencies, installation of the duo_unix package, configuration
of OpenSSH, and PAM alterations as needed.
For further information about duo_unix, view the official documentation.
Table of Contents
- Description
- Setup - The basics of getting started with duo_unix
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Contributing
Description
The duo_unix Puppet module installs and manages duo_unix (login_duo or pam_duo).
This module is meant to be a drop-in replacement for the abandoned official puppet module.
Setup
What duo_unix affects
This module will add the official Duo Inc. repository. It will also then install the appropriate package(s) for your system.
It will also optionally alter some files on your system to help ensure that user login attempts will correctly require Duo to succeed.
If usage is set to login, it will set the following directives in
/etc/ssh/sshd_config
ForceCommand /usr/sbin/login_duo
PermitTunnel no
AllowTcpForwarding no
If usage is set to pam, it will alter your pam config. Those changes are
distribution-specific. To see exactly what is changed, please refer to the
manifests/pam_config.pp file.
Setup Requirements
This module requires some additional modules, but it is highly likely that they are already installed on your puppet server. They are as follows:
puppetlabs/apt6.0 - 8.0puppetlabs/augeas_core1.0.0 - 2.0.0puppetlabs/stdlib5.0.0 - 6.0.0puppetlabs/translate1.0.0 - 3.0.0puppetlabs/yumrepo_core1.0.0 - 2.0.0
Beginning with duo_unix
The very basic steps needed for a user to get the module up and running. This can include setup steps, if necessary, or it can be an example of the most basic use of the module.
Usage
class { 'duo_unix':
usage => 'login',
ikey => 'your integration key',
skey => 'your secret key',
host => 'api-yourhost.duosecurity.com',
motd => 'yes',
}
Limitations
In the past the official Duo module supported various RedHat derivatives. This module currently makes no attempt to support them.
Contributing
Pull requests are welcome, but all code must meet the following requirements
- Is fully tested
- All tests must pass
- Follows the Puppet language style guide
- All commits must be signed
Changelog
Release 2.1.1
- Fixed some code quality issues
Release 2.1.0
- Added initial support for Rocky and Alma Linux
- They will be using the RedHat version of Puppet, not CentOS
Release 2.0.0
- Removed older unsupported versions of various operating systems
- This is why this is version 2x
- Switched how OS code name is derived on debian based systems
- Added some more documentation to the example
Release 1.0.11
- Updated PPA pgp key fingerprint
- Bumped version of PDK
Release 1.0.10
- Removed
AllowTcpForwarding noas this conflicts in environments where the requirement forAllowTcpForwardingneeds to beyes. - Updated pdk
- Updated Changelog
- Updated Metadata.json
- Removed vscode extension
Release 1.0.9
- scorgatelli-docutech added conditional repo management and fixed some bugs
Release 1.0.8
- Changed ssh service name to 'sshd' on RedHat based systems
Release 1.0.7
- Parameterize displaying diff
- Updated Yum Repo key
- Fix groups usage
Release 1.0.6
- Updated pdk
- Updated dependency upbound limit in metadata.json
Release 1.0.5
- Fixed my fix for the config template
Release 1.0.4
Bugfixes
- Fixed issue where
groupandhttp_proxywere always set in the config even when blank
Release 0.1.0
Features
Bugfixes
Known Issues
Dependencies
- puppetlabs/apt (>= 6.0.0 < 8.0.0)
- puppetlabs/augeas_core (>= 1.0.0 < 2.0.0)
- puppetlabs/stdlib (>= 5.0.0 < 8.0.0)
- puppetlabs/translate (>= 1.0.0 < 3.0.0)
- puppetlabs/yumrepo_core (>= 1.0.0 < 2.0.0)
BSD 3-Clause License Copyright (c) 2019, Indiana University All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.