[Mageia-sysadm] [449] move the group restriction at the top of the file, or they are useless

root at mageia.org root at mageia.org
Wed Nov 24 02:39:17 CET 2010


Revision: 449
Author:   misc
Date:     2010-11-24 02:39:17 +0100 (Wed, 24 Nov 2010)
Log Message:
-----------
move the group restriction at the top of the file, or they are useless

Modified Paths:
--------------
    puppet/modules/pam/templates/system-auth

Modified: puppet/modules/pam/templates/system-auth
===================================================================
--- puppet/modules/pam/templates/system-auth	2010-11-24 01:27:30 UTC (rev 448)
+++ puppet/modules/pam/templates/system-auth	2010-11-24 01:39:17 UTC (rev 449)
@@ -1,16 +1,16 @@
-auth    required    pam_env.so
+auth    required     pam_env.so
+<%- if access_class = 'admin' -%>
+auth    required     pam_succeed_if.so quiet user ingroup mga-sysadmin
+<%- end -%>
+<%- if access_class = 'commiters' -%>
+auth    required     pam_succeed_if.so quiet user ingroup mga-commiters
+<%- end -%>
 # this part is here if the module don't exist
 # basically, the idea is to copy the exact detail of sufficient,
 # and add abort=ignore
 auth    [abort=ignore success=done new_authtok_reqd=done default=ignore]  pam_tcb.so shadow fork nullok prefix=$2a$ count=8
 auth    sufficient   pam_unix.so likeauth nullok try_first_pass
 auth    sufficient   pam_ldap.so use_first_pass
-<%- if access_class = 'admin' -%>
-auth    required     pam_succeed_if.so quiet user ingroup mga-sysadmin
-<%- end -%>
-<%- if access_class = 'commiters' -%>
-auth    required     pam_succeed_if.so quiet user ingroup mga-commiters
-<%- end -%>
 auth    required     pam_deny.so
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20101124/190baf95/attachment-0001.html>


More information about the Mageia-sysadm mailing list