43 |
content => template("pam/ldap.conf") |
content => template("pam/ldap.conf") |
44 |
} |
} |
45 |
} |
} |
46 |
|
|
47 |
|
# beware , this two classes are exclusive |
48 |
|
|
49 |
# for server where only admins can connect |
# for server where only admins can connect |
50 |
class admin_access inherits base { |
class admin_access { |
51 |
$access_class = "admin" |
$access_class = "admin" |
52 |
|
include base |
53 |
} |
} |
54 |
|
|
55 |
# for server where people can connect with ssh ( git, svn ) |
# for server where people can connect with ssh ( git, svn ) |
56 |
class committers_access inherits base { |
class committers_access { |
57 |
# this is required, as we force the shell to be the restricted one |
# this is required, as we force the shell to be the restricted one |
58 |
# openssh will detect if the file do not exist and while refuse to log the |
# openssh will detect if the file do not exist and while refuse to log the |
59 |
# user, and erase the password ( see pam_auth.c in openssh code, seek badpw ) |
# user, and erase the password ( see pam_auth.c in openssh code, seek badpw ) |
61 |
# permission to use svn, git, etc must be added separatly |
# permission to use svn, git, etc must be added separatly |
62 |
include restrictshell::shell |
include restrictshell::shell |
63 |
$access_class = "committers" |
$access_class = "committers" |
64 |
|
include base |
65 |
} |
} |
66 |
} |
} |