
Contents of /puppet/deployment/access_classes/manifests/init.pp



Revision 788 - (show annotations) (download)
Thu Jan 13 20:07:12 2011 UTC (13 years, 1 month ago) by misc
File size: 995 byte(s)
rename access_class to access_classes ( better from a grammatical point of view )
# Login-access policies for hosts. Each nested class declares one
# pam::multiple_ldap_access resource (defined elsewhere, not shown here) with
# the list of LDAP groups passed as access_classes.
class access_classes {

  # Beware: these classes are mutually exclusive.
  # If a host needs access for a different combination of groups, define a
  # dedicated access class for it rather than including two of these.

  # For servers where only admins can connect.
  class admin {
    pam::multiple_ldap_access { 'admin':
      access_classes => ['mga-sysadmin'],
    }
  }

  # For servers where people can connect with ssh (git, svn).
  class committers {
    # restricted_shell is required, because the login shell is forced to be
    # the restricted one. That shell file must exist: openssh detects a
    # missing shell, refuses to log the user in and overwrites the supplied
    # password (see auth-pam.c in the openssh source, search for badpw).
    # Permission to use svn, git, etc. must be added separately.
    #
    # NOTE(review): mga-sysadmin is not listed here although iso_makers lists
    # it; since the classes are exclusive, confirm that leaving admins out of
    # this list is intended.
    pam::multiple_ldap_access { 'committers':
      access_classes   => ['mga-committers'],
      restricted_shell => true,
    }
  }

  # Presumably for ISO build hosts: members of mga-iso_makers are allowed,
  # and so are the admins (mga-sysadmin).
  class iso_makers {
    pam::multiple_ldap_access { 'iso_makers':
      access_classes => ['mga-iso_makers', 'mga-sysadmin'],
    }
  }
}
