[Mageia-sysadm] [411] - add a comment so I do not have the impression to have
root at mageia.org
Tue Nov 23 02:11:15 CET 2010
Revision: 411
Author: misc
Date: 2010-11-23 02:11:15 +0100 (Tue, 23 Nov 2010)
Log Message:
-----------
- add a comment so I do not have the impression to have
lost 4h on debugging pam_ldap and openssh
Modified Paths:
--------------
puppet/modules/pam/manifests/init.pp
Modified: puppet/modules/pam/manifests/init.pp
===================================================================
--- puppet/modules/pam/manifests/init.pp 2010-11-23 01:11:14 UTC (rev 410)
+++ puppet/modules/pam/manifests/init.pp 2010-11-23 01:11:15 UTC (rev 411)
@@ -44,14 +44,18 @@
}
}
- # for server where only admin can connect
+ # for server where only admins can connect
class admin_access inherits base {
$access_class = "admin"
- # not sure if this line is needed anymore, wil check later
}
# for server where people can connect with ssh ( git, svn )
class commiters_access inherits base {
+ # this is required, as we force the shell to be the restricted one
+ # openssh will detect if the file do not exist and while refuse to log the
+ # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+ # so the file must exist
+ # permission to use svn, git, etc must be added separatly
include restrictshell::shell
$access_class = "commiters"
}
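Review bot: The comment added above `include restrictshell::shell` in `commiters_access` says "so the file must exist" without ever naming the file; state explicitly that it is the restricted shell set as the users' login shell (presumably what this include installs), so the next reader knows which path matters. The wording also needs a pass: "the file do not exist and while refuse" should read "the file does not exist and will refuse", and "separatly" should be "separately". Since the comment says openssh erases the password in this case, it would help to add that the visible symptom is an ordinary failed password login, which is what makes the cause hard to find. Separately, the "not sure if this line is needed anymore" comment is removed from `admin_access` with no indication of whether the check was done; a word about that in the log message would settle it.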