aboutsummaryrefslogtreecommitdiffstats
path: root/modules/pam/manifests
diff options
context:
space:
mode:
authorMichael Scherer <misc@mageia.org>2011-01-13 18:12:31 +0000
committerMichael Scherer <misc@mageia.org>2011-01-13 18:12:31 +0000
commitd3afcb16658f3486a4a41fcd57a2b067e4848ce7 (patch)
treee91d81a8383dcf93e0a422aa2838de00627874dc /modules/pam/manifests
parent4d79949ce968bfef4b699d67ad2b647afcbe3c8f (diff)
downloadpuppet-d3afcb16658f3486a4a41fcd57a2b067e4848ce7.tar
puppet-d3afcb16658f3486a4a41fcd57a2b067e4848ce7.tar.gz
puppet-d3afcb16658f3486a4a41fcd57a2b067e4848ce7.tar.bz2
puppet-d3afcb16658f3486a4a41fcd57a2b067e4848ce7.tar.xz
puppet-d3afcb16658f3486a4a41fcd57a2b067e4848ce7.zip
allow to use multiple group for the access with pam
Diffstat (limited to 'modules/pam/manifests')
-rw-r--r--modules/pam/manifests/init.pp20
1 files changed, 15 insertions, 5 deletions
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp
index e6e37bb8..732957c4 100644
--- a/modules/pam/manifests/init.pp
+++ b/modules/pam/manifests/init.pp
@@ -43,13 +43,20 @@ class pam {
content => template("pam/ldap.conf")
}
}
+
+ define multiple_ldap_access($access_classes) {
+ include base
+ }
- # beware , this two classes are exclusive
+ # beware , this two classes are exclusives
+ # if you need multiple group access, you need to define you own class
+ # of access
# for server where only admins can connect
class admin_access {
- $access_class = "admin"
- include base
+ multiple_ldap_access { "admin_access":
+ access_classes => ['mga-sysadmin']
+ }
}
# for server where people can connect with ssh ( git, svn )
@@ -59,8 +66,11 @@ class pam {
# user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
# so the file must exist
# permission to use svn, git, etc must be added separatly
+
include restrictshell::shell
- $access_class = "committers"
- include base
+
+ multiple_ldap_access { "committers_access":
+ access_classes => ['mga-commiters']
+ }
}
}