diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-November/000768.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2010-November/000768.html | 759 |
1 files changed, 759 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-November/000768.html b/zarb-ml/mageia-sysadm/2010-November/000768.html new file mode 100644 index 000000000..e9c27b121 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000768.html @@ -0,0 +1,759 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [369] move modules/ssh/manifests/init.pp as modules/ssh/manifests/auth.pp + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B369%5D%20move%20modules/ssh/manifests/init.pp%20as%0A%09modules/ssh/manifests/auth.pp&In-Reply-To=%3C20101122002550.931383F868%40valstar.mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000742.html"> + <LINK REL="Next" HREF="000743.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [369] move modules/ssh/manifests/init.pp as modules/ssh/manifests/auth.pp</H1> + <B>root at mageia.org</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B369%5D%20move%20modules/ssh/manifests/init.pp%20as%0A%09modules/ssh/manifests/auth.pp&In-Reply-To=%3C20101122002550.931383F868%40valstar.mageia.org%3E" + TITLE="[Mageia-sysadm] [369] move modules/ssh/manifests/init.pp as modules/ssh/manifests/auth.pp">root at mageia.org + </A><BR> + <I>Mon Nov 22 01:25:50 CET 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000742.html">[Mageia-sysadm] [368] move modules/ssh_auth as modules/ssh +</A></li> + <LI>Next message: <A HREF="000743.html">[Mageia-sysadm] [370] valstar is the ssh keymaster +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#768">[ date ]</a> + <a href="thread.html#768">[ thread ]</a> + <a href="subject.html#768">[ subject ]</a> + <a href="author.html#768">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Revision: 369 +Author: blino +Date: 2010-11-22 01:25:50 +0100 (Mon, 22 Nov 2010) +Log Message: +----------- +move modules/ssh/manifests/init.pp as modules/ssh/manifests/auth.pp + +Added Paths: +----------- + puppet/modules/ssh/manifests/auth.pp + +Removed Paths: +------------- + puppet/modules/ssh/manifests/init.pp + +Copied: puppet/modules/ssh/manifests/auth.pp (from rev 368, puppet/modules/ssh/manifests/init.pp) +=================================================================== +--- puppet/modules/ssh/manifests/auth.pp (rev 0) ++++ puppet/modules/ssh/manifests/auth.pp 2010-11-22 00:25:50 UTC (rev 369) +@@ -0,0 +1,336 @@ ++# ========= ++# ssh::auth ++# ========= ++# ++# The latest official release and documentation for ssh::auth can always ++# be found at <A HREF="http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth">http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth</A> . ++# ++# Version: 0.3.2 ++# Release date: 2009-12-29 ++ ++class ssh::auth { ++ ++$keymaster_storage = "/var/lib/keys" ++ ++Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" } ++Notify { withpath => false } ++ ++ ++########################################################################## ++ ++ ++# ssh::auth::key ++ ++# Declare keys. The approach here is just to define a bunch of ++# virtual resources, representing key files on the keymaster, client, ++# and server. The virtual keys are then realized by ++# ssh::auth::{keymaster,client,server}, respectively. The reason for ++# doing things that way is that it makes ssh::auth::key into a "one ++# stop shop" where users can declare their keys with all of their ++# parameters, whether those parameters apply to the keymaster, server, ++# or client. The real work of creating, installing, and removing keys ++# is done in the private definitions called by the virtual resources: ++# ssh_auth_key_{master,server,client}. ++ ++define key ($ensure = "present", $filename = "", $force = false, $group = "puppet", $home = "", $keytype = "rsa", $length = 2048, $maxdays = "", $mindate = "", $options = "", $user = "") { ++ ++ ssh_auth_key_namecheck { "${title}-title": parm => "title", value => $title } ++ ++ # apply defaults ++ $_filename = $filename ? { "" => "id_${keytype}", default => $filename } ++ $_length = $keytype ? { "rsa" => $length, "dsa" => 1024 } ++ $_user = $user ? { ++ "" => regsubst($title, '^([^@]*)@?.*$', '\1'), ++ default => $user, ++ } ++ $_home = $home ? { "" => "/home/$_user", default => $home } ++ ++ ssh_auth_key_namecheck { "${title}-filename": parm => "filename", value => $_filename } ++ ++ @ssh_auth_key_master { $title: ++ ensure => $ensure, ++ force => $force, ++ keytype => $keytype, ++ length => $_length, ++ maxdays => $maxdays, ++ mindate => $mindate, ++ } ++ @ssh_auth_key_client { $title: ++ ensure => $ensure, ++ filename => $_filename, ++ group => $group, ++ home => $_home, ++ user => $_user, ++ } ++ @ssh_auth_key_server { $title: ++ ensure => $ensure, ++ group => $group, ++ home => $_home, ++ options => $options, ++ user => $_user, ++ } ++} ++ ++ ++########################################################################## ++ ++ ++# ssh::auth::keymaster ++# ++# Keymaster host: ++# Create key storage; create, regenerate, and remove key pairs ++ ++class keymaster { ++ ++ # Set up key storage ++ ++ file { $ssh::auth::keymaster_storage: ++ ensure => directory, ++ owner => puppet, ++ group => puppet, ++ mode => 644, ++ } ++ ++ # Realize all virtual master keys ++ Ssh_auth_key_master <| |> ++ ++} # class keymaster ++ ++ ++########################################################################## ++ ++ ++# ssh::auth::client ++# ++# Install generated key pairs onto clients ++ ++define client ($ensure = "", $filename = "", $group = "", $home = "", $user = "") { ++ ++ # Realize the virtual client keys. ++ # Override the defaults set in ssh::auth::key, as needed. ++ if $ensure { Ssh_auth_key_client <| title == $title |> { ensure => $ensure } } ++ if $filename { Ssh_auth_key_client <| title == $title |> { filename => $filename } } ++ if $group { Ssh_auth_key_client <| title == $title |> { group => $group } } ++ ++ if $user { Ssh_auth_key_client <| title == $title |> { user => $user, home => "/home/$user" } } ++ if $home { Ssh_auth_key_client <| title == $title |> { home => $home } } ++ ++ realize Ssh_auth_key_client[$title] ++ ++} # define client ++ ++ ++########################################################################## ++ ++ ++# ssh::auth::server ++# ++# Install public keys onto clients ++ ++define server ($ensure = "", $group = "", $home = "", $options = "", $user = "") { ++ ++ # Realize the virtual server keys. ++ # Override the defaults set in ssh::auth::key, as needed. ++ if $ensure { Ssh_auth_key_server <| title == $title |> { ensure => $ensure } } ++ if $group { Ssh_auth_key_server <| title == $title |> { group => $group } } ++ if $options { Ssh_auth_key_server <| title == $title |> { options => $options } } ++ ++ if $user { Ssh_auth_key_server <| title == $title |> { user => $user, home => "/home/$user" } } ++ if $home { Ssh_auth_key_server <| title == $title |> { home => $home } } ++ ++ realize Ssh_auth_key_server[$title] ++ ++} # define server ++ ++} # class ssh::auth ++ ++ ++########################################################################## ++ ++ ++# ssh_auth_key_master ++# ++# Create/regenerate/remove a key pair on the keymaster. ++# This definition is private, i.e. it is not intended to be called directly by users. ++# ssh::auth::key calls it to create virtual keys, which are realized in ssh::auth::keymaster. ++ ++define ssh_auth_key_master ($ensure, $force, $keytype, $length, $maxdays, $mindate) { ++ ++ Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" } ++ File { ++ owner => puppet, ++ group => puppet, ++ mode => 600, ++ } ++ ++ $keydir = "${ssh::auth::keymaster_storage}/${title}" ++ $keyfile = "${keydir}/key" ++ ++ file { ++ "$keydir": ++ ensure => directory, ++ mode => 644; ++ "$keyfile": ++ ensure => $ensure; ++ "${keyfile}.pub": ++ ensure => $ensure, ++ mode => 644; ++ } ++ ++ if $ensure == "present" { ++ ++ # Remove the existing key pair, if ++ # * $force is true, or ++ # * $maxdays or $mindate criteria aren't met, or ++ # * $keytype or $length have changed ++ ++ $keycontent = file("${keyfile}.pub", "/dev/null") ++ if $keycontent { ++ ++ if $force { ++ $reason = "force=true" ++ } ++ if !$reason and $mindate and generate("/usr/bin/find", $keyfile, "!", "-newermt", "${mindate}") { ++ $reason = "created before ${mindate}" ++ } ++ if !$reason and $maxdays and generate("/usr/bin/find", $keyfile, "-mtime", "+${maxdays}") { ++ $reason = "older than ${maxdays} days" ++ } ++ if !$reason and $keycontent =~ /^ssh-... [^ ]+ (...) (\d+)$/ { ++ if $keytype != $1 { $reason = "keytype changed: $1 -> $keytype" } ++ else { if $length != $2 { $reason = "length changed: $2 -> $length" } } ++ } ++ if $reason { ++ exec { "Revoke previous key ${title}: ${reason}": ++ command => "rm $keyfile ${keyfile}.pub", ++ before => Exec["Create key $title: $keytype, $length bits"], ++ } ++ } ++ } ++ ++ # Create the key pair. ++ # We "repurpose" the comment field in public keys on the keymaster to ++ # store data about the key, i.e. $keytype and $length. This avoids ++ # having to rerun ssh-keygen -l on every key at every run to determine ++ # the key length. ++ exec { "Create key $title: $keytype, $length bits": ++ command => "ssh-keygen -t ${keytype} -b ${length} -f ${keyfile} -C \"${keytype} ${length}\" -N \"\"", ++ user => "puppet", ++ group => "puppet", ++ creates => $keyfile, ++ require => File[$keydir], ++ before => File[$keyfile, "${keyfile}.pub"], ++ } ++ ++ } # if $ensure == "present" ++ ++} # define ssh_auth_key_master ++ ++ ++########################################################################## ++ ++ ++# ssh_auth_key_client ++# ++# Install a key pair into a user's account. ++# This definition is private, i.e. it is not intended to be called directly by users. ++ ++define ssh_auth_key_client ($ensure, $filename, $group, $home, $user) { ++ ++ File { ++ owner => $user, ++ group => $group, ++ mode => 600, ++ require => [ User[$user], File[$home]], ++ } ++ ++ $key_src_file = "${ssh::auth::keymaster_storage}/${title}/key" # on the keymaster ++ $key_tgt_file = "${home}/.ssh/${filename}" # on the client ++ ++ $key_src_content_pub = file("${key_src_file}.pub", "/dev/null") ++ if $ensure == "absent" or $key_src_content_pub =~ /^(ssh-...) ([^ ]+)/ { ++ $keytype = $1 ++ $modulus = $2 ++ file { ++ $key_tgt_file: ++ ensure => $ensure, ++ content => file($key_src_file, "/dev/null"); ++ "${key_tgt_file}.pub": ++ ensure => $ensure, ++ content => "$keytype $modulus $title\n", ++ mode => 644; ++ } ++ } else { ++ notify { "Private key file $key_src_file for key $title not found on keymaster; skipping ensure => present": } ++ } ++ ++} # define ssh_auth_key_client ++ ++ ++########################################################################## ++ ++ ++# ssh_auth_key_server ++# ++# Install a public key into a server user's authorized_keys(5) file. ++# This definition is private, i.e. it is not intended to be called directly by users. ++ ++define ssh_auth_key_server ($ensure, $group, $home, $options, $user) { ++ ++ # on the keymaster: ++ $key_src_dir = "${ssh::auth::keymaster_storage}/${title}" ++ $key_src_file = "${key_src_dir}/key.pub" ++ # on the server: ++ $key_tgt_file = "${home}/.ssh/authorized_keys" ++ ++ File { ++ owner => $user, ++ group => $group, ++ require => User[$user], ++ mode => 600, ++ } ++ Ssh_authorized_key { ++ user => $user, ++ target => $key_tgt_file, ++ } ++ ++ if $ensure == "absent" { ++ ssh_authorized_key { $title: ensure => "absent" } ++ } ++ else { ++ $key_src_content = file($key_src_file, "/dev/null") ++ if ! $key_src_content { ++ notify { "Public key file $key_src_file for key $title not found on keymaster; skipping ensure => present": } ++ } else { if $ensure == "present" and $key_src_content !~ /^(ssh-...) ([^ ]*)/ { ++ err("Can't parse public key file $key_src_file") ++ notify { "Can't parse public key file $key_src_file for key $title on the keymaster: skipping ensure => $ensure": } ++ } else { ++ $keytype = $1 ++ $modulus = $2 ++ ssh_authorized_key { $title: ++ ensure => "present", ++ type => $keytype, ++ key => $modulus, ++ options => $options ? { "" => undef, default => $options }, ++ } ++ }} # if ... else ... else ++ } # if ... else ++ ++} # define ssh_auth_key_server ++ ++ ++########################################################################## ++ ++ ++# ssh_auth_key_namecheck ++# ++# Check a name (e.g. key title or filename) for the allowed form ++ ++define ssh_auth_key_namecheck ($parm, $value) { ++ if $value !~ /^[A-Za-z0-9]/ { ++ fail("ssh::auth::key: $parm '$value' not allowed: must begin with a letter or digit") ++ } ++ if $value !~ /^[A-Za-z0-9_.:@-]+$/ { ++ fail("ssh::auth::key: $parm '$value' not allowed: may only contain the characters A-Za-z0-9_.:@-") ++ } ++} # define namecheck + +Deleted: puppet/modules/ssh/manifests/init.pp +=================================================================== +--- puppet/modules/ssh/manifests/init.pp 2010-11-22 00:25:33 UTC (rev 368) ++++ puppet/modules/ssh/manifests/init.pp 2010-11-22 00:25:50 UTC (rev 369) +@@ -1,336 +0,0 @@ +-# ========= +-# ssh::auth +-# ========= +-# +-# The latest official release and documentation for ssh::auth can always +-# be found at <A HREF="http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth">http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth</A> . +-# +-# Version: 0.3.2 +-# Release date: 2009-12-29 +- +-class ssh::auth { +- +-$keymaster_storage = "/var/lib/keys" +- +-Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" } +-Notify { withpath => false } +- +- +-########################################################################## +- +- +-# ssh::auth::key +- +-# Declare keys. The approach here is just to define a bunch of +-# virtual resources, representing key files on the keymaster, client, +-# and server. The virtual keys are then realized by +-# ssh::auth::{keymaster,client,server}, respectively. The reason for +-# doing things that way is that it makes ssh::auth::key into a "one +-# stop shop" where users can declare their keys with all of their +-# parameters, whether those parameters apply to the keymaster, server, +-# or client. The real work of creating, installing, and removing keys +-# is done in the private definitions called by the virtual resources: +-# ssh_auth_key_{master,server,client}. +- +-define key ($ensure = "present", $filename = "", $force = false, $group = "puppet", $home = "", $keytype = "rsa", $length = 2048, $maxdays = "", $mindate = "", $options = "", $user = "") { +- +- ssh_auth_key_namecheck { "${title}-title": parm => "title", value => $title } +- +- # apply defaults +- $_filename = $filename ? { "" => "id_${keytype}", default => $filename } +- $_length = $keytype ? { "rsa" => $length, "dsa" => 1024 } +- $_user = $user ? { +- "" => regsubst($title, '^([^@]*)@?.*$', '\1'), +- default => $user, +- } +- $_home = $home ? { "" => "/home/$_user", default => $home } +- +- ssh_auth_key_namecheck { "${title}-filename": parm => "filename", value => $_filename } +- +- @ssh_auth_key_master { $title: +- ensure => $ensure, +- force => $force, +- keytype => $keytype, +- length => $_length, +- maxdays => $maxdays, +- mindate => $mindate, +- } +- @ssh_auth_key_client { $title: +- ensure => $ensure, +- filename => $_filename, +- group => $group, +- home => $_home, +- user => $_user, +- } +- @ssh_auth_key_server { $title: +- ensure => $ensure, +- group => $group, +- home => $_home, +- options => $options, +- user => $_user, +- } +-} +- +- +-########################################################################## +- +- +-# ssh::auth::keymaster +-# +-# Keymaster host: +-# Create key storage; create, regenerate, and remove key pairs +- +-class keymaster { +- +- # Set up key storage +- +- file { $ssh::auth::keymaster_storage: +- ensure => directory, +- owner => puppet, +- group => puppet, +- mode => 644, +- } +- +- # Realize all virtual master keys +- Ssh_auth_key_master <| |> +- +-} # class keymaster +- +- +-########################################################################## +- +- +-# ssh::auth::client +-# +-# Install generated key pairs onto clients +- +-define client ($ensure = "", $filename = "", $group = "", $home = "", $user = "") { +- +- # Realize the virtual client keys. +- # Override the defaults set in ssh::auth::key, as needed. +- if $ensure { Ssh_auth_key_client <| title == $title |> { ensure => $ensure } } +- if $filename { Ssh_auth_key_client <| title == $title |> { filename => $filename } } +- if $group { Ssh_auth_key_client <| title == $title |> { group => $group } } +- +- if $user { Ssh_auth_key_client <| title == $title |> { user => $user, home => "/home/$user" } } +- if $home { Ssh_auth_key_client <| title == $title |> { home => $home } } +- +- realize Ssh_auth_key_client[$title] +- +-} # define client +- +- +-########################################################################## +- +- +-# ssh::auth::server +-# +-# Install public keys onto clients +- +-define server ($ensure = "", $group = "", $home = "", $options = "", $user = "") { +- +- # Realize the virtual server keys. +- # Override the defaults set in ssh::auth::key, as needed. +- if $ensure { Ssh_auth_key_server <| title == $title |> { ensure => $ensure } } +- if $group { Ssh_auth_key_server <| title == $title |> { group => $group } } +- if $options { Ssh_auth_key_server <| title == $title |> { options => $options } } +- +- if $user { Ssh_auth_key_server <| title == $title |> { user => $user, home => "/home/$user" } } +- if $home { Ssh_auth_key_server <| title == $title |> { home => $home } } +- +- realize Ssh_auth_key_server[$title] +- +-} # define server +- +-} # class ssh::auth +- +- +-########################################################################## +- +- +-# ssh_auth_key_master +-# +-# Create/regenerate/remove a key pair on the keymaster. +-# This definition is private, i.e. it is not intended to be called directly by users. +-# ssh::auth::key calls it to create virtual keys, which are realized in ssh::auth::keymaster. +- +-define ssh_auth_key_master ($ensure, $force, $keytype, $length, $maxdays, $mindate) { +- +- Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" } +- File { +- owner => puppet, +- group => puppet, +- mode => 600, +- } +- +- $keydir = "${ssh::auth::keymaster_storage}/${title}" +- $keyfile = "${keydir}/key" +- +- file { +- "$keydir": +- ensure => directory, +- mode => 644; +- "$keyfile": +- ensure => $ensure; +- "${keyfile}.pub": +- ensure => $ensure, +- mode => 644; +- } +- +- if $ensure == "present" { +- +- # Remove the existing key pair, if +- # * $force is true, or +- # * $maxdays or $mindate criteria aren't met, or +- # * $keytype or $length have changed +- +- $keycontent = file("${keyfile}.pub", "/dev/null") +- if $keycontent { +- +- if $force { +- $reason = "force=true" +- } +- if !$reason and $mindate and generate("/usr/bin/find", $keyfile, "!", "-newermt", "${mindate}") { +- $reason = "created before ${mindate}" +- } +- if !$reason and $maxdays and generate("/usr/bin/find", $keyfile, "-mtime", "+${maxdays}") { +- $reason = "older than ${maxdays} days" +- } +- if !$reason and $keycontent =~ /^ssh-... [^ ]+ (...) (\d+)$/ { +- if $keytype != $1 { $reason = "keytype changed: $1 -> $keytype" } +- else { if $length != $2 { $reason = "length changed: $2 -> $length" } } +- } +- if $reason { +- exec { "Revoke previous key ${title}: ${reason}": +- command => "rm $keyfile ${keyfile}.pub", +- before => Exec["Create key $title: $keytype, $length bits"], +- } +- } +- } +- +- # Create the key pair. +- # We "repurpose" the comment field in public keys on the keymaster to +- # store data about the key, i.e. $keytype and $length. This avoids +- # having to rerun ssh-keygen -l on every key at every run to determine +- # the key length. +- exec { "Create key $title: $keytype, $length bits": +- command => "ssh-keygen -t ${keytype} -b ${length} -f ${keyfile} -C \"${keytype} ${length}\" -N \"\"", +- user => "puppet", +- group => "puppet", +- creates => $keyfile, +- require => File[$keydir], +- before => File[$keyfile, "${keyfile}.pub"], +- } +- +- } # if $ensure == "present" +- +-} # define ssh_auth_key_master +- +- +-########################################################################## +- +- +-# ssh_auth_key_client +-# +-# Install a key pair into a user's account. +-# This definition is private, i.e. it is not intended to be called directly by users. +- +-define ssh_auth_key_client ($ensure, $filename, $group, $home, $user) { +- +- File { +- owner => $user, +- group => $group, +- mode => 600, +- require => [ User[$user], File[$home]], +- } +- +- $key_src_file = "${ssh::auth::keymaster_storage}/${title}/key" # on the keymaster +- $key_tgt_file = "${home}/.ssh/${filename}" # on the client +- +- $key_src_content_pub = file("${key_src_file}.pub", "/dev/null") +- if $ensure == "absent" or $key_src_content_pub =~ /^(ssh-...) ([^ ]+)/ { +- $keytype = $1 +- $modulus = $2 +- file { +- $key_tgt_file: +- ensure => $ensure, +- content => file($key_src_file, "/dev/null"); +- "${key_tgt_file}.pub": +- ensure => $ensure, +- content => "$keytype $modulus $title\n", +- mode => 644; +- } +- } else { +- notify { "Private key file $key_src_file for key $title not found on keymaster; skipping ensure => present": } +- } +- +-} # define ssh_auth_key_client +- +- +-########################################################################## +- +- +-# ssh_auth_key_server +-# +-# Install a public key into a server user's authorized_keys(5) file. +-# This definition is private, i.e. it is not intended to be called directly by users. +- +-define ssh_auth_key_server ($ensure, $group, $home, $options, $user) { +- +- # on the keymaster: +- $key_src_dir = "${ssh::auth::keymaster_storage}/${title}" +- $key_src_file = "${key_src_dir}/key.pub" +- # on the server: +- $key_tgt_file = "${home}/.ssh/authorized_keys" +- +- File { +- owner => $user, +- group => $group, +- require => User[$user], +- mode => 600, +- } +- Ssh_authorized_key { +- user => $user, +- target => $key_tgt_file, +- } +- +- if $ensure == "absent" { +- ssh_authorized_key { $title: ensure => "absent" } +- } +- else { +- $key_src_content = file($key_src_file, "/dev/null") +- if ! $key_src_content { +- notify { "Public key file $key_src_file for key $title not found on keymaster; skipping ensure => present": } +- } else { if $ensure == "present" and $key_src_content !~ /^(ssh-...) ([^ ]*)/ { +- err("Can't parse public key file $key_src_file") +- notify { "Can't parse public key file $key_src_file for key $title on the keymaster: skipping ensure => $ensure": } +- } else { +- $keytype = $1 +- $modulus = $2 +- ssh_authorized_key { $title: +- ensure => "present", +- type => $keytype, +- key => $modulus, +- options => $options ? { "" => undef, default => $options }, +- } +- }} # if ... else ... else +- } # if ... else +- +-} # define ssh_auth_key_server +- +- +-########################################################################## +- +- +-# ssh_auth_key_namecheck +-# +-# Check a name (e.g. key title or filename) for the allowed form +- +-define ssh_auth_key_namecheck ($parm, $value) { +- if $value !~ /^[A-Za-z0-9]/ { +- fail("ssh::auth::key: $parm '$value' not allowed: must begin with a letter or digit") +- } +- if $value !~ /^[A-Za-z0-9_.:@-]+$/ { +- fail("ssh::auth::key: $parm '$value' not allowed: may only contain the characters A-Za-z0-9_.:@-") +- } +-} # define namecheck +-------------- next part -------------- +An HTML attachment was scrubbed... +URL: </pipermail/mageia-sysadm/attachments/20101122/7a65dfdd/attachment-0001.html> +</PRE> + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000742.html">[Mageia-sysadm] [368] move modules/ssh_auth as modules/ssh +</A></li> + <LI>Next message: <A HREF="000743.html">[Mageia-sysadm] [370] valstar is the ssh keymaster +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#768">[ date ]</a> + <a href="thread.html#768">[ thread ]</a> + <a href="subject.html#768">[ subject ]</a> + <a href="author.html#768">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |