[Mageia-sysadm] [780] move the type of access_class to deployment ( as this is tied to our group name )
root at mageia.org
root at mageia.org
Thu Jan 13 19:12:32 CET 2011
Revision: 780
Author: misc
Date: 2011-01-13 19:12:32 +0100 (Thu, 13 Jan 2011)
Log Message:
-----------
move the type of access_class to deployment ( as this is tied to our group name )
Modified Paths:
--------------
puppet/manifests/nodes.pp
puppet/modules/pam/manifests/init.pp
Added Paths:
-----------
puppet/deployment/access_class/
puppet/deployment/access_class/manifests/
puppet/deployment/access_class/manifests/init.pp
Added: puppet/deployment/access_class/manifests/init.pp
===================================================================
--- puppet/deployment/access_class/manifests/init.pp (rev 0)
+++ puppet/deployment/access_class/manifests/init.pp 2011-01-13 18:12:32 UTC (rev 780)
@@ -0,0 +1,28 @@
+class access_class {
+
+ # beware , theses classes are exclusives
+ # if you need multiple group access, you need to define you own class
+ # of access
+
+ # for server where only admins can connect
+ class admin {
+ pam::multiple_ldap_access { "admin":
+ access_classes => ['mga-sysadmin']
+ }
+ }
+
+ # for server where people can connect with ssh ( git, svn )
+ class committers {
+ # this is required, as we force the shell to be the restricted one
+ # openssh will detect if the file do not exist and while refuse to log the
+ # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+ # so the file must exist
+ # permission to use svn, git, etc must be added separatly
+
+ include restrictshell::shell
+
+ pam::multiple_ldap_access { "committers":
+ access_classes => ['mga-commiters']
+ }
+ }
+}
Modified: puppet/manifests/nodes.pp
===================================================================
--- puppet/manifests/nodes.pp 2011-01-13 18:12:31 UTC (rev 779)
+++ puppet/manifests/nodes.pp 2011-01-13 18:12:32 UTC (rev 780)
@@ -21,7 +21,7 @@
include buildsystem::mainnode
include buildsystem::mgacreatehome
- include pam::committers_access
+ include access_class::committers
include restrictshell::allow_svn
include restrictshell::allow_pkgsubmit
include openssh::ssh_keys_from_ldap
Modified: puppet/modules/pam/manifests/init.pp
===================================================================
--- puppet/modules/pam/manifests/init.pp 2011-01-13 18:12:31 UTC (rev 779)
+++ puppet/modules/pam/manifests/init.pp 2011-01-13 18:12:32 UTC (rev 780)
@@ -47,30 +47,4 @@
define multiple_ldap_access($access_classes) {
include base
}
-
- # beware , this two classes are exclusives
- # if you need multiple group access, you need to define you own class
- # of access
-
- # for server where only admins can connect
- class admin_access {
- multiple_ldap_access { "admin_access":
- access_classes => ['mga-sysadmin']
- }
- }
-
- # for server where people can connect with ssh ( git, svn )
- class committers_access {
- # this is required, as we force the shell to be the restricted one
- # openssh will detect if the file do not exist and while refuse to log the
- # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
- # so the file must exist
- # permission to use svn, git, etc must be added separatly
-
- include restrictshell::shell
-
- multiple_ldap_access { "committers_access":
- access_classes => ['mga-commiters']
- }
- }
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20110113/b11cf251/attachment-0001.html>
More information about the Mageia-sysadm
mailing list