authorMichael Scherer <misc@mageia.org>2010-11-24 02:50:45 +0000
committerMichael Scherer <misc@mageia.org>2010-11-24 02:50:45 +0000
commitae6ba130344466d36dac9988bb9bcbbd0256fb80 (patch)
tree155aae58ebce91964f9a02c6a2f8841b049289ec /modules/pam/manifests/init.pp
parentec4823b29d7792c9ca96d6e1a76bb43a111dfaac (diff)
restrict login to people of the group mga-commiters ( previous try was
not working with ssh key )
Diffstat (limited to 'modules/pam/manifests/init.pp')
-rw-r--r--modules/pam/manifests/init.pp10
1 files changed, 7 insertions, 3 deletions
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp
index 63e8b12f..e6e37bb8 100644
--- a/modules/pam/manifests/init.pp
+++ b/modules/pam/manifests/init.pp
@@ -43,14 +43,17 @@ class pam {
content => template("pam/ldap.conf")
}
}
-
+
+ # beware , this two classes are exclusive
+
# for server where only admins can connect
- class admin_access inherits base {
+ class admin_access {
$access_class = "admin"
+ include base
}
# for server where people can connect with ssh ( git, svn )
- class committers_access inherits base {
+ class committers_access {
# this is required, as we force the shell to be the restricted one
# openssh will detect if the file do not exist and while refuse to log the
# user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
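Review bot: The exclusivity of `admin_access` and `committers_access` is stated only in the added comment, and nothing in the manifest enforces it. Because `include base` evaluates `base` once per node, a node that ends up with both classes (or with `base` included from elsewhere first) would presumably get whichever `$access_class` was in scope at first evaluation, or none, so the login restriction could silently differ from what was intended. If the Puppet version in use supports parameterised classes, passing the value explicitly, e.g. `class { "pam::base": access_class => "admin" }`, turns a double declaration into a compile error and removes the reliance on dynamic scoping; the same applies to `include base` in `committers_access` in the next hunk. `base` and the template that reads `$access_class` are outside the hunk, so the effect of an unset value should be checked there.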
@@ -58,5 +61,6 @@ class pam {
# permission to use svn, git, etc must be added separatly
include restrictshell::shell
$access_class = "committers"
+ include base
}
}
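Review bot: The added `include base` at the end of `committers_access` appears to work only while it stays after `$access_class = "committers"`, and nothing in the class says so. A comment such as `# keep after $access_class: base reads it from this scope when it is evaluated` would stop a later reorder from silently dropping the group restriction. The class body starts in the previous hunk and how `base` consumes the variable is not visible here, so this is inferred from the ordering the commit chose.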