Update 12/22: Based on comments from Allister and Nigel this should be removed from core types. That may need to wait until Puppet 5 for semver reasons.
In OS X 10.9, `/etc/authorization` has been "deprecated"; as of the GM, the update will move `/etc/authorization` to `/etc/authorization.deprecated`.
There is now `/System/Library/Security/authorization.plist` but it seems to just be the defaults; changing a right with the `security authorizationdb` command doesn't change that file, but instead updates a sqlite db at `/var/db/auth.db`.
I did some quick testing, and just changing `AuthDB` in `puppet/provider/macauthorization/macauthorization.rb` isn't enough because the provider reads the plist to determine current state, but in the 10.9 world the current state is reflected in the `auth.db` file (or the output of `security authorizationdb` commands) so even when a right change is applied, puppet doesn't know.