access_class/manifests/init.pp

class access_class {
 
  # beware , theses classes are exclusives
  # if you need multiple group access, you need to define you own class
  # of access  
 
  # for server where only admins can connect
  class admin {
    pam::multiple_ldap_access { "admin":
        access_classes => ['mga-sysadmin']
    }
  }

  # for server where people can connect with ssh ( git, svn )
  class committers {
    # this is required, as we force the shell to be the restricted one
    # openssh will detect if the file do not exist and while refuse to log the
    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
    # so the file must exist
    # permission to use svn, git, etc must be added separatly
     
    include restrictshell::shell

    pam::multiple_ldap_access { "committers":
        access_classes => ['mga-commiters']
    }
  }
}
1	class access_class {
2
3	# beware , theses classes are exclusives
4	# if you need multiple group access, you need to define you own class
5	# of access
6
7	# for server where only admins can connect
8	class admin {
9	pam::multiple_ldap_access { "admin":
10	access_classes => ['mga-sysadmin']
11	}
12	}
13
14	# for server where people can connect with ssh ( git, svn )
15	class committers {
16	# this is required, as we force the shell to be the restricted one
17	# openssh will detect if the file do not exist and while refuse to log the
18	# user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
19	# so the file must exist
20	# permission to use svn, git, etc must be added separatly
21
22	include restrictshell::shell
23
24	pam::multiple_ldap_access { "committers":
25	access_classes => ['mga-commiters']
26	}
27	}
28	}