Commit 582ffdfa authored by Michael Robbert's avatar Michael Robbert
Browse files

Add option to allow configuration of logging authentication requests

parent 07ee3f9c
...@@ -110,6 +110,9 @@ Add the radius user to the winbind privileged group. You must install winbind se ...@@ -110,6 +110,9 @@ Add the radius user to the winbind privileged group. You must install winbind se
##### `syslog` ##### `syslog`
Add a syslog rule (using the `saz/rsyslog` module). Default: `false`. Add a syslog rule (using the `saz/rsyslog` module). Default: `false`.
##### `log_auth`
Log authentication requests (yes/no). Default: `no`.
```puppet ```puppet
class { 'freeradius': class { 'freeradius':
max_requests => 4096, max_requests => 4096,
...@@ -120,6 +123,7 @@ class { 'freeradius': ...@@ -120,6 +123,7 @@ class { 'freeradius':
wpa_supplicant => true, wpa_supplicant => true,
winbind_support => true, winbind_support => true,
syslog => true, syslog => true,
log_auth => 'yes',
} }
``` ```
......
...@@ -11,6 +11,7 @@ class freeradius ( ...@@ -11,6 +11,7 @@ class freeradius (
$wpa_supplicant = false, $wpa_supplicant = false,
$winbind_support = false, $winbind_support = false,
$syslog = false, $syslog = false,
$log_auth = 'no',
$preserve_mods = true, $preserve_mods = true,
) inherits freeradius::params { ) inherits freeradius::params {
......
...@@ -32,6 +32,7 @@ describe 'freeradius' do ...@@ -32,6 +32,7 @@ describe 'freeradius' do
#:wpa_supplicant => false, #:wpa_supplicant => false,
#:winbind_support => false, #:winbind_support => false,
#:syslog => false, #:syslog => false,
#:log_auth => 'no',
} }
end end
# add these two lines in a single test block to enable puppet and hiera debug mode # add these two lines in a single test block to enable puppet and hiera debug mode
......
...@@ -318,7 +318,7 @@ log { ...@@ -318,7 +318,7 @@ log {
# #
# allowed values: {no, yes} # allowed values: {no, yes}
# #
auth = no auth = <%= @log_auth %>
# Log passwords with the authentication requests. # Log passwords with the authentication requests.
# auth_badpass - logs password if it's rejected # auth_badpass - logs password if it's rejected
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment