[Mageia-sysadm] [449] move the group restriction at the top of the file, or they are useless
root at mageia.org
root at mageia.org
Wed Nov 24 02:39:17 CET 2010
Revision: 449
Author: misc
Date: 2010-11-24 02:39:17 +0100 (Wed, 24 Nov 2010)
Log Message:
-----------
move the group restriction at the top of the file, or they are useless
Modified Paths:
--------------
puppet/modules/pam/templates/system-auth
Modified: puppet/modules/pam/templates/system-auth
===================================================================
--- puppet/modules/pam/templates/system-auth 2010-11-24 01:27:30 UTC (rev 448)
+++ puppet/modules/pam/templates/system-auth 2010-11-24 01:39:17 UTC (rev 449)
@@ -1,16 +1,16 @@
-auth required pam_env.so
+auth required pam_env.so
+<%- if access_class = 'admin' -%>
+auth required pam_succeed_if.so quiet user ingroup mga-sysadmin
+<%- end -%>
+<%- if access_class = 'commiters' -%>
+auth required pam_succeed_if.so quiet user ingroup mga-commiters
+<%- end -%>
# this part is here if the module don't exist
# basically, the idea is to copy the exact detail of sufficient,
# and add abort=ignore
auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8
auth sufficient pam_unix.so likeauth nullok try_first_pass
auth sufficient pam_ldap.so use_first_pass
-<%- if access_class = 'admin' -%>
-auth required pam_succeed_if.so quiet user ingroup mga-sysadmin
-<%- end -%>
-<%- if access_class = 'commiters' -%>
-auth required pam_succeed_if.so quiet user ingroup mga-commiters
-<%- end -%>
auth required pam_deny.so
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20101124/190baf95/attachment-0001.html>
More information about the Mageia-sysadm
mailing list