-rw-r--r-- | modules/pam/manifests/init.pp | 69 |
1 files changed, 23 insertions, 46 deletions
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp
index 1c6c2b11..e5f6f970 100644
--- a/modules/pam/manifests/init.pp
+++ b/modules/pam/manifests/init.pp
@@ -1,53 +1,30 @@
 class pam {
+ class base {
+ package { ["pam_ldap","nss_ldap","nscd"]: }
 
- class base {
- package { ["pam_ldap","nss_ldap","nscd"]:
- ensure => installed,
- }
+ service { nscd:
+ ensure => running,
+ path => '/etc/init.d/nscd',
+ }
 
- service { nscd:
- ensure => running,
- path => '/etc/init.d/nscd',
- }
+ file {
+ "/etc/pam.d/system-auth": content => template("pam/system-auth");
+ "/etc/nsswitch.conf": content => template("pam/nsswitch.conf");
+ "/etc/ldap.conf": content => template("pam/ldap.conf");
+ }
 
- file { "system-auth":
- path => "/etc/pam.d/system-auth",
- owner => root,
- group => root,
- mode => 644,
- content => template("pam/system-auth")
- }
-
- file { "nsswitch.conf":
- path => "/etc/nsswitch.conf",
- owner => root,
- group => root,
- mode => 644,
- content => template("pam/nsswitch.conf")
- }
-
- $ldap_password = extlookup("${fqdn}_ldap_password",'x')
- file { "ldap.secret":
- path => "/etc/ldap.secret",
- owner => root,
- group => root,
- mode => 600,
- content => $ldap_password
- }
-
- file { "ldap.conf":
- path => "/etc/ldap.conf",
- owner => root,
- group => root,
- mode => 644,
- content => template("pam/ldap.conf")
- }
- }
+ $ldap_password = extlookup("${fqdn}_ldap_password",'x')
+ file { "ldap.secret":
+ path => "/etc/ldap.secret",
+ mode => 600,
+ content => $ldap_password
+ }
+ }
 
- define multiple_ldap_access($access_classes,$restricted_shell = false) {
- if $restricted_shell {
- include restrictshell
+ define multiple_ldap_access($access_classes,$restricted_shell = false) {
+ if $restricted_shell {
+ include restrictshell
+ }
+ include base
 }
- include base
- }
 } |
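Review bot: The rewritten `file { "ldap.secret": ... }` resource keeps `mode => 600` but no longer sets `owner` and `group`, and the three templated files (`/etc/pam.d/system-auth`, `/etc/nsswitch.conf`, `/etc/ldap.conf`) lose `owner`, `group` and `mode` altogether. Unless a `File { ... }` resource default is declared in a scope this hunk does not show, Puppet will stop enforcing those attributes, so a file that already exists with the wrong owner or a loose mode is left as it is. For the bind-password file, mode 600 only protects the secret if the owner is pinned as well. I would either keep `owner => root, group => root,` on `ldap.secret`, or declare `File { owner => root, group => root, mode => 644 }` at the top of `class base` so the reliance on defaults is visible in this manifest.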