1 |
# for server where people can connect with ssh ( git, svn ) |
2 |
class access_classes::committers { |
3 |
# this is required, as we force the shell to be the restricted one |
4 |
# openssh will detect if the file do not exist and while refuse to log the |
5 |
# user, and erase the password ( see pam_auth.c in openssh code, |
6 |
# seek badpw ) |
7 |
# so the file must exist |
8 |
# permission to use svn, git, etc must be added separatly |
9 |
|
10 |
pam::multiple_ldap_access { 'committers': |
11 |
access_classes => ['mga-shell_access'], |
12 |
restricted_shell => true, |
13 |
} |
14 |
} |