From de5d12a142814441c921a34beb4f9eaf6fcf5a91 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Thu, 13 Jan 2011 20:07:12 +0000
Subject: rename access_class to access_classes ( better from a grammatical point of view )
---
 deployment/access_class/manifests/init.pp | 33 -----------------------------
 deployment/access_classes/manifests/init.pp | 33 +++++++++++++++++++++++++++++
 manifests/nodes.pp | 4 ++--
 3 files changed, 35 insertions(+), 35 deletions(-)
 delete mode 100644 deployment/access_class/manifests/init.pp
 create mode 100644 deployment/access_classes/manifests/init.pp
diff --git a/deployment/access_class/manifests/init.pp b/deployment/access_class/manifests/init.pp
deleted file mode 100644
index 8d0bc78e..00000000
--- a/deployment/access_class/manifests/init.pp
+++ /dev/null
@@ -1,33 +0,0 @@
-class access_class {
-
- # beware , theses classes are exclusives
- # if you need multiple group access, you need to define you own class
- # of access
-
- # for server where only admins can connect
- class admin {
- pam::multiple_ldap_access { "admin":
- access_classes => ['mga-sysadmin']
- }
- }
-
- # for server where people can connect with ssh ( git, svn )
- class committers {
- # this is required, as we force the shell to be the restricted one
- # openssh will detect if the file do not exist and while refuse to log the
- # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
- # so the file must exist
- # permission to use svn, git, etc must be added separatly
-
- pam::multiple_ldap_access { "committers":
- access_classes => ['mga-committers'],
- restricted_shell => true,
- }
- }
-
- class iso_makers {
- pam::multiple_ldap_access { "iso_makers":
- access_classes => ['mga-iso_makers','mga-sysadmin']
- }
- }
-}
diff --git a/deployment/access_classes/manifests/init.pp b/deployment/access_classes/manifests/init.pp
new file mode 100644
index 00000000..5a380907
--- /dev/null
+++ b/deployment/access_classes/manifests/init.pp
@@ -0,0 +1,33 @@
+class access_classes {
+
+ # beware , theses classes are exclusives
+ # if you need multiple group access, you need to define you own class
+ # of access
+
+ # for server where only admins can connect
+ class admin {
+ pam::multiple_ldap_access { "admin":
+ access_classes => ['mga-sysadmin']
+ }
+ }
+
+ # for server where people can connect with ssh ( git, svn )
+ class committers {
+ # this is required, as we force the shell to be the restricted one
+ # openssh will detect if the file do not exist and while refuse to log the
+ # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+ # so the file must exist
+ # permission to use svn, git, etc must be added separatly
+
+ pam::multiple_ldap_access { "committers":
+ access_classes => ['mga-committers'],
+ restricted_shell => true,
+ }
+ }
+
+ class iso_makers {
+ pam::multiple_ldap_access { "iso_makers":
+ access_classes => ['mga-iso_makers','mga-sysadmin']
+ }
+ }
+}
diff --git a/manifests/nodes.pp b/manifests/nodes.pp
index 86905260..e5d98f2d 100644
--- a/manifests/nodes.pp
+++ b/manifests/nodes.pp
@@ -21,7 +21,7 @@ node valstar {
 include buildsystem::mainnode
 include buildsystem::mgacreatehome
- include access_class::committers
+ include access_classes::committers
 include restrictshell::allow_svn
 include restrictshell::allow_pkgsubmit
 include openssh::ssh_keys_from_ldap
@@ -144,6 +144,6 @@ node rabbit {
 include default_mageia_server
 timezone::timezone { "Europe/Paris": }
 include bcd
- include access_class::iso_makers
+ include access_classes::iso_makers
 include openssh::ssh_keys_from_ldap
 }
-- cgit v1.2.1