diff options
| author | Olivier Blin <dev@blino.org> | 2017-02-21 01:45:18 +0100 |
|---|---|---|
| committer | Olivier Blin <dev@blino.org> | 2017-02-21 01:46:43 +0100 |
| commit | 46a24792a42345d11d073137a8665e03ffec2cfc (patch) | |
| tree | faa797a0caed112487beb25d16c056cfe4891569 /modules/pam | |
| parent | aff33f5d63727c767056eee13cffd38b694b329c (diff) | |
| download | puppet-46a24792a42345d11d073137a8665e03ffec2cfc.tar puppet-46a24792a42345d11d073137a8665e03ffec2cfc.tar.gz puppet-46a24792a42345d11d073137a8665e03ffec2cfc.tar.bz2 puppet-46a24792a42345d11d073137a8665e03ffec2cfc.tar.xz puppet-46a24792a42345d11d073137a8665e03ffec2cfc.zip | |
Implicitely allow mga-sysadmin login for all access classes
Like done already for mga-unrestricted_shell_access.
There is no easy way to concatenate arrays in puppet, the rules are
kept inlined for mga-sysadmin and mga-unrestricted_shell_access.
Diffstat (limited to 'modules/pam')
| -rw-r--r-- | modules/pam/templates/system-auth | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth index 6ce40a9d..010552cc 100644 --- a/modules/pam/templates/system-auth +++ b/modules/pam/templates/system-auth @@ -11,6 +11,7 @@ auth required pam_deny.so account sufficient pam_localuser.so # not sure if the following bring something useful account required pam_ldap.so +account sufficient pam_succeed_if.so quiet user ingroup mga-sysadmin account sufficient pam_succeed_if.so quiet user ingroup mga-unrestricted_shell_access <%- access_classes = scope.lookupvar('pam::multiple_ldap_access::access_classes') -%> <%- if access_classes -%> |