/[adm]/puppet/modules/pam/manifests/init.pp
ViewVC logotype

Diff of /puppet/modules/pam/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 451 by misc, Wed Nov 24 02:50:45 2010 UTC revision 779 by misc, Thu Jan 13 18:12:31 2011 UTC
# Line 43  class pam { Line 43  class pam {
43           content => template("pam/ldap.conf")           content => template("pam/ldap.conf")
44        }        }
45    }    }
46    
47      define multiple_ldap_access($access_classes) {
48        include base
49      }
50    
51    # beware , this two classes are exclusive    # beware , this two classes are exclusives
52      # if you need multiple group access, you need to define you own class
53      # of access  
54    
55    # for server where only admins can connect    # for server where only admins can connect
56    class admin_access {    class admin_access {
57      $access_class = "admin"      multiple_ldap_access { "admin_access":
58      include base          access_classes => ['mga-sysadmin']
59        }
60    }    }
61    
62    # for server where people can connect with ssh ( git, svn )    # for server where people can connect with ssh ( git, svn )
# Line 59  class pam { Line 66  class pam {
66      # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )      # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
67      # so the file must exist      # so the file must exist
68      # permission to use svn, git, etc must be added separatly      # permission to use svn, git, etc must be added separatly
69        
70      include restrictshell::shell      include restrictshell::shell
71      $access_class = "committers"  
72      include base      multiple_ldap_access { "committers_access":
73            access_classes => ['mga-commiters']
74        }
75    }    }
76  }  }
Legend:
Removed from v.451  
changed lines
  Added in v.779
  ViewVC Help
Powered by ViewVC 1.1.30