author | Michael Scherer <misc@mageia.org> | 2011-01-13 19:41:24 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2011-01-13 19:41:24 +0000 |
commit | 208309ae35c69cf7a83d1f2f67c5fe288c03657a (patch) | |
tree | c4067046cb36b55867baa6e5f5f7e4e7d82ead0b /modules/pam | |
parent | 8a9269d2ec2839c278a84f0caf73c6413d01918a (diff) | |
- allow to set access without forcing the restricted shell ( should
be done by openssh in fact, but that's easier to do like this for now )
Diffstat (limited to 'modules/pam')
-rw-r--r-- | modules/pam/manifests/init.pp | 5 | ||||
-rw-r--r-- | modules/pam/templates/ldap.conf | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp index 246bb4f6..b7860a4d 100644 --- a/modules/pam/manifests/init.pp +++ b/modules/pam/manifests/init.pp @@ -44,7 +44,10 @@ class pam { } } - define multiple_ldap_access($access_classes) { + define multiple_ldap_access($access_classes,$restricted_shell = false) { + if $restricted_shell { + include restricted_shell + } include base } } diff --git a/modules/pam/templates/ldap.conf b/modules/pam/templates/ldap.conf index f346873a..a1d751cf 100644 --- a/modules/pam/templates/ldap.conf +++ b/modules/pam/templates/ldap.conf @@ -15,7 +15,7 @@ nss_map_attribute uniqueMember member sudoers_base ou=sudoers,<%= dc_suffix %> #sudoers_debug 2 -<% if access_class = 'commiters' %> +<% if restricted_shell %> # for restricted access nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl <% end %> |
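Review bot: In modules/pam/manifests/init.pp, the default in `$restricted_shell = false` makes the unrestricted login shell the default for every existing `multiple_ldap_access` caller, and since the diffstat is limited to modules/pam no caller is visibly updated to opt in. The template test being replaced, `access_class = 'commiters'`, was an assignment and so always true, which means the sv_membersh.pl override was emitted whenever the template was rendered; after this change it is dropped unless a caller passes `restricted_shell => true`. Consider defaulting to true and letting the hosts that need a normal shell pass `restricted_shell => false`, or audit every caller in the same commit. A short comment above the define saying what the parameter controls would help, and a space after the comma in the parameter list would match the usual style.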
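Review bot: In modules/pam/templates/ldap.conf, the new condition `<% if restricted_shell %>` reads a variable that the visible lines only set as a parameter of `multiple_ldap_access`, and the hunk does not show which scope renders this template. If it is rendered from `base` or reached through another define, the bare lookup depends on dynamic scoping and may be unset there. Guarding with `has_variable?("restricted_shell")`, or setting the value explicitly in the scope that renders the template, would make the result deterministic. Note also that a caller passing the string "false" would still enable the override, because any non-nil string is truthy in Ruby, so an explicit comparison against true is safer.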