diff options
author | Michael Scherer <misc@mageia.org> | 2010-11-24 02:50:45 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-11-24 02:50:45 +0000 |
commit | ae6ba130344466d36dac9988bb9bcbbd0256fb80 (patch) | |
tree | 155aae58ebce91964f9a02c6a2f8841b049289ec /modules/pam/templates | |
parent | ec4823b29d7792c9ca96d6e1a76bb43a111dfaac (diff) | |
download | puppet-ae6ba130344466d36dac9988bb9bcbbd0256fb80.tar puppet-ae6ba130344466d36dac9988bb9bcbbd0256fb80.tar.gz puppet-ae6ba130344466d36dac9988bb9bcbbd0256fb80.tar.bz2 puppet-ae6ba130344466d36dac9988bb9bcbbd0256fb80.tar.xz puppet-ae6ba130344466d36dac9988bb9bcbbd0256fb80.zip |
restrict login to people of the group mga-commiters ( previous try was
not working with ssh key )
Diffstat (limited to 'modules/pam/templates')
-rw-r--r-- | modules/pam/templates/system-auth | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth index 7dc3a47f..79c95264 100644 --- a/modules/pam/templates/system-auth +++ b/modules/pam/templates/system-auth @@ -1,10 +1,4 @@ auth required pam_env.so -<%- if access_class = 'admin' -%> -auth required pam_succeed_if.so quiet user ingroup mga-sysadmin -<%- end -%> -<%- if access_class = 'committers' -%> -auth required pam_succeed_if.so quiet user ingroup mga-committers -<%- end -%> # this part is here if the module don't exist # basically, the idea is to copy the exact detail of sufficient, # and add abort=ignore @@ -15,6 +9,12 @@ auth required pam_deny.so account sufficient pam_localuser.so +<%- if access_class == 'admin' -%> +account required pam_succeed_if.so quiet user ingroup mga-sysadmin +<%- end -%> +<%- if access_class == 'committers' -%> +account required pam_succeed_if.so quiet user ingroup mga-committers +<%- end -%> account sufficient pam_ldap.so account required pam_deny.so |