Of course, modifying the module may be tidier but modifying a module used by lots of production servers is not a trivial undertaking.
Here's how it works:
class systems::section::authssh inherits auth::ssh {
File['/etc/pam.d/sshd']{
content=>"blah"
}
}
This means I get all the good stuff from auth::ssh but I can override the sshd pam configuration for this server/group of servers.
The case I was dealing with was a bit more complicated (though same concept), in modules I have auth::thistype which includes auth::pam
I would normally include auth::thistype and just to complicate things the setting I want to change is in auth::pam. Unfortunately (in this case) puppet won't let you modify an argument in a class that isn't the one setting it (or a sub class thereof) so I can't set it in the class as above, I need to set it in the correct class, like this:
class systems::section::auththistype inherits auth::thistype {
include systems::section::authpam
}
class systems::section::authpam inherits auth::pam {
File['/etc/pam.d/sshd']{
File['/etc/pam.d/sshd']{
content=>"blah"
}
}
(Please note, code sections were genericised and should be used as reference only)
