
Diff of /puppet/deployment/access_classes/manifests/init.pp


revision 2672 by misc, Wed Jun 15 23:01:59 2011 UTC revision 2673 by misc, Thu Mar 22 15:18:21 2012 UTC
# Line 1  Line 1 
1  class access_classes {  class access_classes {
   
2    # beware , theses classes are exclusives    # beware , theses classes are exclusives
3    # if you need multiple group access, you need to define you own class    # if you need multiple group access, you need to define you own class
4    # of access      # of access
   
   # for server where only admins can connect  
   class admin {  
     pam::multiple_ldap_access { "admin":  
         access_classes => ['mga-sysadmin']  
     }  
   }  
   
   # for server where people can connect with ssh ( git, svn )  
   class committers {  
     # this is required, as we force the shell to be the restricted one  
     # openssh will detect if the file do not exist and while refuse to log the  
     # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )  
     # so the file must exist  
     # permission to use svn, git, etc must be added separatly  
   
     pam::multiple_ldap_access { "committers":  
         access_classes => ['mga-shell_access'],  
         restricted_shell => true,  
     }  
   }  
   
   class iso_makers {  
     pam::multiple_ldap_access { "iso_makers":  
       access_classes => ['mga-iso_makers','mga-sysadmin']  
     }  
   }  
   
   class web {  
     pam::multiple_ldap_access { "web":  
       access_classes => ['mga-web','mga-sysadmin']  
     }  
   }  
   
   class web_and_artwork {  
     pam::multiple_ldap_access { "web_artwork":  
       access_classes => ['mga-web','mga-sysadmin','mga-artwork']  
     }  
   }  
5  }  }
