aboutsummaryrefslogtreecommitdiffstats
path: root/modules/pam
Commit message (Collapse)AuthorAgeFilesLines
* pam: remove "dynamic lookup" warningsNicolas Vigier2012-12-182-1/+5
|
* Make pam::multiple_ldap_access a class instead of a defineNicolas Vigier2012-12-112-1/+2
| | | | | | | pam::multiple_ldap_access can only be included once. If it is included multiple time, the value of the variable $access_classes used in templates/system-auth is random. As it can only be included once, it should be a parameterized class and not a defined resource.
* split pam module into 3 filesMichael Scherer2012-03-173-30/+31
|
* manage /etc/openldap/ldap.conf by puppetMichael Scherer2012-02-152-0/+27
|
* clean nscd serviceMichael Scherer2012-02-151-2/+1
|
* cleanup and refactoring of pam moduleMichael Scherer2012-01-081-46/+23
|
* we do not use mdns on servers, so remove it as it seems to cause troubleMichael Scherer2011-05-241-1/+1
| | | | | on mandriva 2010.0, as used on gandi vm
* fix wrong class nameMichael Scherer2011-01-131-1/+1
|
* - allow to set access without forcing the restricted shell ( shouldMichael Scherer2011-01-132-2/+5
| | | | be done by openssh in fact, but that's easier to do like this for now )
* move the type of access_class to deployment ( as this is tied to our group ↵Michael Scherer2011-01-131-26/+0
| | | | name )
* allow to use multiple group for the access with pamMichael Scherer2011-01-132-11/+21
|
* restrict login to people of the group mga-commiters ( previous try wasMichael Scherer2010-11-242-9/+13
| | | | not working with ssh key )
* s/commiters/committers/, to be in sync with the ldap group name and the ↵Michael Scherer2010-11-242-4/+4
| | | | dictionnary
* move the group restriction at the top of the file, or they are uselessMichael Scherer2010-11-241-7/+7
|
* pam_wheel is made to be used with su only. pam_succeed_if seems to be the ↵Michael Scherer2010-11-241-2/+2
| | | | proper module
* remove empty line from the result file ( <% vs <%- )Michael Scherer2010-11-241-4/+4
|
* - add a comment so I do not have the impression to haveMichael Scherer2010-11-231-2/+6
| | | | lost 4h on debugging pam_ldap and openssh
* class was renamed 3 commits agoMichael Scherer2010-11-231-1/+1
|
* - rewrite restricted_shell, and split the shell in its own subclassMichael Scherer2010-11-231-0/+1
|
* Add timelimits for nss_ldap, enable password policyBuchan Milne2010-11-221-1/+3
|
* - set the ldap password in /etc/ldap.secretMichael Scherer2010-11-221-1/+8
|
* - make sure nscd is installed and runningMichael Scherer2010-11-221-1/+6
|
* - use the rootbinddn as preconized by buchan ( and let all access goesMichael Scherer2010-11-221-2/+2
| | | | through nscd )
* - use the first pass if proposed ( or pam ask the password 2 times )Michael Scherer2010-11-221-1/+1
|
* - add default password of x, so manifests do not fail on test vmsMichael Scherer2010-11-221-1/+1
|
* - add nssldap password handlingMichael Scherer2010-11-222-1/+5
|
* - ldaps is required ( ie no unencrypted connection )Michael Scherer2010-11-221-1/+1
|
* - remove erronous line ( and uneeded ), as this cause error when applying ↵Michael Scherer2010-11-221-2/+0
| | | | about "ressource already declared"
* - pam_mkhomedir is in pam, not in a separate rpmMichael Scherer2010-11-221-1/+1
|
* - do not let file with passwords to be world readable Michael Scherer2010-11-201-3/+0
| | | | | | | | ( even if being readable by apache is not good either, but needed as the password is used by apache ) - use ldaps for sympa - use the 2 new facter macro and remove the version copied everywhere - remove hardcoded domain in bugzilla and others
* - fix templates ( again )Michael Scherer2010-11-172-1/+30
| | | | | - add ldap.conf
* - fix templatesMichael Scherer2010-11-172-1/+25
| | | | | - add nsswitch.conf
* - better use heritanceMichael Scherer2010-11-171-13/+15
|
* - add a proto module for taking care of pam ( need pam_ldap, etc support, ↵Michael Scherer2010-11-172-0/+62
and a review of the pam config file too )