
Contents of /puppet/deployment/access_classes/manifests/committers.pp



Revision 2935
Tue Dec 11 18:56:35 2012 UTC (11 years, 3 months ago) by boklm
File size: 556 byte(s)
Make pam::multiple_ldap_access a class instead of a define

pam::multiple_ldap_access can only be included once. If it is included
multiple times, the value of the variable $access_classes used in
templates/system-auth is random. As it can only be included once, it
should be a parameterized class and not a defined resource.

# for servers where people can connect with ssh (git, svn)
class access_classes::committers {
    # this is required, as we force the shell to be the restricted one
    # openssh will detect if the file does not exist and will refuse to log the
    # user in, and erase the password (see pam_auth.c in openssh code,
    # search for badpw)
    # so the file must exist
    # permission to use svn, git, etc. must be added separately

    class { 'pam::multiple_ldap_access':
        access_classes   => ['mga-shell_access'],
        restricted_shell => true,
    }
}
