blob: cf73f3733226a4e962f99e889f6c9f6746872a29 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
# for server where people can connect with ssh ( git, svn )
class access_classes::committers {
# this is required, as we force the shell to be the restricted one
# openssh will detect if the file do not exist and while refuse to log the
# user, and erase the password ( see pam_auth.c in openssh code,
# seek badpw )
# so the file must exist
# permission to use svn, git, etc must be added separatly
class { 'pam::multiple_ldap_access':
access_classes => ['mga-shell_access'],
restricted_shell => true,
}
}
|
