aboutsummaryrefslogtreecommitdiffstats
path: root/modules/pam/templates
diff options
context:
space:
mode:
authorMichael Scherer <misc@mageia.org>2010-11-24 01:39:17 +0000
committerMichael Scherer <misc@mageia.org>2010-11-24 01:39:17 +0000
commit625b66668ae93c99a1736cdf63d4aa62cba4aec2 (patch)
tree79c9c1dec4dd02e9c5896c46e5b0640d464f229d /modules/pam/templates
parent782caf3dd09dfa449e0e1e552af76b9c3ceb33cd (diff)
downloadpuppet-625b66668ae93c99a1736cdf63d4aa62cba4aec2.tar
puppet-625b66668ae93c99a1736cdf63d4aa62cba4aec2.tar.gz
puppet-625b66668ae93c99a1736cdf63d4aa62cba4aec2.tar.bz2
puppet-625b66668ae93c99a1736cdf63d4aa62cba4aec2.tar.xz
puppet-625b66668ae93c99a1736cdf63d4aa62cba4aec2.zip
move the group restriction at the top of the file, or they are useless
Diffstat (limited to 'modules/pam/templates')
-rw-r--r--modules/pam/templates/system-auth14
1 files changed, 7 insertions, 7 deletions
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth
index 184553b4..9ae45fb7 100644
--- a/modules/pam/templates/system-auth
+++ b/modules/pam/templates/system-auth
@@ -1,16 +1,16 @@
-auth required pam_env.so
-# this part is here if the module don't exist
-# basically, the idea is to copy the exact detail of sufficient,
-# and add abort=ignore
-auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8
-auth sufficient pam_unix.so likeauth nullok try_first_pass
-auth sufficient pam_ldap.so use_first_pass
+auth required pam_env.so
<%- if access_class = 'admin' -%>
auth required pam_succeed_if.so quiet user ingroup mga-sysadmin
<%- end -%>
<%- if access_class = 'commiters' -%>
auth required pam_succeed_if.so quiet user ingroup mga-commiters
<%- end -%>
+# this part is here if the module don't exist
+# basically, the idea is to copy the exact detail of sufficient,
+# and add abort=ignore
+auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8
+auth sufficient pam_unix.so likeauth nullok try_first_pass
+auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so