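# Manages LDAP-backed authentication on a node: installs the PAM/NSS LDAP
# client packages and nscd, keeps nscd running, and deploys the PAM, NSS
# and LDAP client configuration files from this module's templates.
class pam {

    # Shared resources; the access-profile classes below inherit from it.
    class base {
        package { ["pam_ldap","nss_ldap","nscd"]:
            ensure => installed,
        }

        # NOTE(review): nothing orders this service after Package["nscd"];
        # confirm whether a `require` is needed on first runs.
        # NOTE(review): `path` on a service is the init-script search
        # path, so a directory may be what is expected here. Left as-is;
        # verify against the provider in use.
        service { "nscd":
            ensure => running,
            path => '/etc/init.d/nscd',
        }

        # File modes are quoted four-digit octal strings: newer Puppet
        # parsers read a bare 644 as an integer and reject it as a mode.
        file { "system-auth":
            path => "/etc/pam.d/system-auth",
            owner => root,
            group => root,
            mode => '0644',
            content => template("pam/system-auth")
        }

        file { "nsswitch.conf":
            path => "/etc/nsswitch.conf",
            owner => root,
            group => root,
            mode => '0644',
            content => template("pam/nsswitch.conf")
        }

        # Per-host LDAP password, looked up by fqdn.
        # NOTE(review): the 'x' default means a host with no entry in the
        # extlookup data gets the literal string 'x' written to
        # /etc/ldap.secret instead of a failed catalog. Confirm that this
        # silent fallback is intended.
        $ldap_password = extlookup("${fqdn}_ldap_password",'x')

        # Holds the secret in clear text, hence root-only 0600.
        # NOTE(review): a content change can be rendered as a diff in
        # agent output; where the Puppet version supports it, consider
        # `show_diff => false` on this resource.
        file { "ldap.secret":
            path => "/etc/ldap.secret",
            owner => root,
            group => root,
            mode => '0600',
            content => $ldap_password
        }

        file { "ldap.conf":
            path => "/etc/ldap.conf",
            owner => root,
            group => root,
            mode => '0644',
            content => template("pam/ldap.conf")
        }
    }

    # For servers where only admins can connect.
    # NOTE(review): $access_class is presumably read by one of the
    # templates rendered in base. Confirm it is still consumed and that
    # the value set here is the one the template sees.
    class admin_access inherits base {
        $access_class = "admin"
        # not sure if this line is needed anymore, will check later
    }

    # For servers where people can connect with ssh (git, svn).
    class commiters_access inherits base {
        include restrictshell::shell
        $access_class = "commiters"
    }
}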