/[adm]/puppet/deployment/access_classes/manifests/init.pp
ViewVC logotype

Contents of /puppet/deployment/access_classes/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1743 - (show annotations) (download)
Wed Jun 15 23:01:59 2011 UTC (12 years, 9 months ago) by misc
File size: 1261 byte(s)
add new class for artwork team access
1 class access_classes {
2
3 # beware , theses classes are exclusives
4 # if you need multiple group access, you need to define you own class
5 # of access
6
7 # for server where only admins can connect
8 class admin {
9 pam::multiple_ldap_access { "admin":
10 access_classes => ['mga-sysadmin']
11 }
12 }
13
14 # for server where people can connect with ssh ( git, svn )
15 class committers {
16 # this is required, as we force the shell to be the restricted one
17 # openssh will detect if the file do not exist and while refuse to log the
18 # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
19 # so the file must exist
20 # permission to use svn, git, etc must be added separatly
21
22 pam::multiple_ldap_access { "committers":
23 access_classes => ['mga-shell_access'],
24 restricted_shell => true,
25 }
26 }
27
28 class iso_makers {
29 pam::multiple_ldap_access { "iso_makers":
30 access_classes => ['mga-iso_makers','mga-sysadmin']
31 }
32 }
33
34 class web {
35 pam::multiple_ldap_access { "web":
36 access_classes => ['mga-web','mga-sysadmin']
37 }
38 }
39
40 class web_and_artwork {
41 pam::multiple_ldap_access { "web_artwork":
42 access_classes => ['mga-web','mga-sysadmin','mga-artwork']
43 }
44 }
45 }

  ViewVC Help
Powered by ViewVC 1.1.30