Annotation of /puppet/deployment/access_classes/manifests/committers.pp

Revision 2935
Tue Dec 11 18:56:35 2012 UTC (10 years, 11 months ago) by boklm
File size: 556 byte(s)
Make pam::multiple_ldap_access a class instead of a define

pam::multiple_ldap_access can only be included once. If it is included
multiple times, the value of the variable $access_classes used in
templates/system-auth is random. As it can only be included once, it
should be a parameterized class and not a defined resource.

Annotation: the "class { pam::multiple_ldap_access:" line is from revision 2935 (boklm); all other lines are from revision 2673 (misc).

    # for servers where people can connect with ssh (git, svn)
    class access_classes::committers {
        # this is required, as we force the shell to be the restricted one
        # openssh will detect if the file does not exist and will refuse to log the
        # user in, and erase the password (see pam_auth.c in openssh code,
        # seek badpw)
        # so the file must exist
        # permission to use svn, git, etc. must be added separately

        class { pam::multiple_ldap_access:
            access_classes   => ['mga-shell_access'],
            restricted_shell => true,
        }
    }
