Fix pam configs for debian and ubuntu.

Debian and ubuntu has different pam versions and therefore different config
files for pam. Change this accordingly.

Move all pam configuration files (they are 9 currently) to their own subfolder.

Files/pam/common-account-Debian

+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+
+account	sufficient	pam_krb5.so minimum_uid=100
+account	sufficient	pam_unix.so

Files/pam/common-auth-Debian

+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+
+auth	required	pam_env.so
+auth	required	pam_group.so
+auth	sufficient	pam_unix.so likeauth nullok
+auth	sufficient	pam_krb5.so use_first_pass minimum_uid=100
+auth	required	pam_deny.so

Files/pam/common-password-Debian

+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+password sufficient	pam_krb5.so minimum_uid=100
+password sufficient	pam_unix.so nullok md5 shadow
+password required	pam_deny.so

Files/pam/common-session-Debian

+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+
+session	required	pam_limits.so
+session	required	pam_krb5.so minimum_uid=100
+session	sufficient	pam_unix.so

kerberos.pp

@@ -14,22 +14,22 @@ class pam::linux
     "/etc/pam.d/common-auth":
       ensure => file,
       owner => "root", group => "root", mode => 644,
-      source => "$pupfiles/common-auth",
+      source => "$pupfiles/pam/common-auth-${operatingsystem}",
       require =>[  File["krb5.conf"], Package[$pam_krb5] ];
     "/etc/pam.d/common-account":
       ensure => file,
       owner => "root", group => "root", mode => 644,
-      source => "$pupfiles/common-account",
+      source => "$pupfiles/pam/common-account-${operatingsystem}",
       require =>[  File["krb5.conf"], Package[$pam_krb5] ];
     "/etc/pam.d/common-session":
       ensure => file,
       owner => "root", group => "root", mode => 644,
-      source => "$pupfiles/common-session",
+      source => "$pupfiles/pam/common-session-${operatingsystem}",
       require =>[  File["krb5.conf"], Package[$pam_krb5] ];
     "/etc/pam.d/common-password":
       ensure => file,
       owner => "root", group => "root", mode => 644,
-      source => "$pupfiles/common-password",
+      source => "$pupfiles/pam/common-password-${operatingsystem}",
       require =>[  File["krb5.conf"], Package[$pam_krb5] ];
   }
 }
@@ -42,7 +42,7 @@ class pam::solaris
       owner => "root",
       group => "other",
       mode => 644,
-      content => template("$pupfiles/pam.conf-solaris.erb"),
+      content => template("$pupfiles/pam/pam.conf-solaris.erb"),
       require => File["krb5.conf"];
   }
 }