/[adm]/puppet/modules/pam/manifests/init.pp
ViewVC logotype

Diff of /puppet/modules/pam/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 450 by misc, Wed Nov 24 02:08:32 2010 UTC revision 451 by misc, Wed Nov 24 02:50:45 2010 UTC
# Line 43  class pam { Line 43  class pam {
43           content => template("pam/ldap.conf")           content => template("pam/ldap.conf")
44        }        }
45    }    }
46      
47      # beware , this two classes are exclusive
48    
49    # for server where only admins can connect    # for server where only admins can connect
50    class admin_access inherits base {    class admin_access {
51      $access_class = "admin"      $access_class = "admin"
52        include base
53    }    }
54    
55    # for server where people can connect with ssh ( git, svn )    # for server where people can connect with ssh ( git, svn )
56    class committers_access inherits base {    class committers_access {
57      # this is required, as we force the shell to be the restricted one      # this is required, as we force the shell to be the restricted one
58      # openssh will detect if the file do not exist and while refuse to log the      # openssh will detect if the file do not exist and while refuse to log the
59      # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )      # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
# Line 58  class pam { Line 61  class pam {
61      # permission to use svn, git, etc must be added separatly      # permission to use svn, git, etc must be added separatly
62      include restrictshell::shell      include restrictshell::shell
63      $access_class = "committers"      $access_class = "committers"
64        include base
65    }    }
66  }  }
Legend:
Removed from v.450  
changed lines
  Added in v.451
  ViewVC Help
Powered by ViewVC 1.1.30