/[adm]/puppet/deployment/access_class/manifests/init.pp
ViewVC logotype

Annotation of /puppet/deployment/access_class/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 787 - (hide annotations) (download)
Thu Jan 13 20:02:31 2011 UTC (13 years, 4 months ago) by misc
File size: 993 byte(s)
- fix syntax
1 misc 780 class access_class {
2    
3     # beware , theses classes are exclusives
4     # if you need multiple group access, you need to define you own class
5     # of access
6    
7     # for server where only admins can connect
8     class admin {
9     pam::multiple_ldap_access { "admin":
10     access_classes => ['mga-sysadmin']
11     }
12     }
13    
14     # for server where people can connect with ssh ( git, svn )
15     class committers {
16     # this is required, as we force the shell to be the restricted one
17     # openssh will detect if the file do not exist and while refuse to log the
18     # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
19     # so the file must exist
20     # permission to use svn, git, etc must be added separatly
21    
22     pam::multiple_ldap_access { "committers":
23 misc 787 access_classes => ['mga-committers'],
24 misc 786 restricted_shell => true,
25 misc 780 }
26     }
27 misc 781
28     class iso_makers {
29     pam::multiple_ldap_access { "iso_makers":
30     access_classes => ['mga-iso_makers','mga-sysadmin']
31     }
32     }
33 misc 780 }

  ViewVC Help
Powered by ViewVC 1.1.30