Diffstat (limited to 'deployment/access_classes')
| -rw-r--r-- | deployment/access_classes/manifests/admin.pp | 8 | ||||
| -rw-r--r-- | deployment/access_classes/manifests/committers.pp | 14 | ||||
| -rw-r--r-- | deployment/access_classes/manifests/init.pp | 5 | ||||
| -rw-r--r-- | deployment/access_classes/manifests/iso_makers.pp | 5 | ||||
| -rw-r--r-- | deployment/access_classes/manifests/web.pp | 5 |
5 files changed, 37 insertions, 0 deletions
diff --git a/deployment/access_classes/manifests/admin.pp b/deployment/access_classes/manifests/admin.pp
new file mode 100644
index 00000000..186c9c87
--- /dev/null
+++ b/deployment/access_classes/manifests/admin.pp
@@ -0,0 +1,8 @@
+# for server where only admins can connect (allowed by default)
+class access_classes::admin {
+ class { 'pam::multiple_ldap_access':
+ access_classes => []
+ }
+}
+
+
diff --git a/deployment/access_classes/manifests/committers.pp b/deployment/access_classes/manifests/committers.pp
new file mode 100644
index 00000000..37c0e266
--- /dev/null
+++ b/deployment/access_classes/manifests/committers.pp
@@ -0,0 +1,14 @@
+# for server where people can connect with ssh ( git, svn )
+class access_classes::committers {
+ # this is required, as we force the shell to be the restricted one
+ # openssh will detect if the file do not exist and while refuse to log the
+ # user, and erase the password ( see pam_auth.c in openssh code,
+ # seek badpw )
+ # so the file must exist
+ # permission to use svn, git, etc must be added separately
+
+ class { 'pam::multiple_ldap_access':
+ access_classes => ['mga-shell_access'],
+ restricted_shell => true,
+ }
+}
diff --git a/deployment/access_classes/manifests/init.pp b/deployment/access_classes/manifests/init.pp
new file mode 100644
index 00000000..a414f3e0
--- /dev/null
+++ b/deployment/access_classes/manifests/init.pp
@@ -0,0 +1,5 @@
+class access_classes {
+ # beware , theses classes are exclusives
+ # if you need multiple group access, you need to define you own class
+ # of access
+}
diff --git a/deployment/access_classes/manifests/iso_makers.pp b/deployment/access_classes/manifests/iso_makers.pp
new file mode 100644
index 00000000..c645205e
--- /dev/null
+++ b/deployment/access_classes/manifests/iso_makers.pp
@@ -0,0 +1,5 @@
+class access_classes::iso_makers {
+ class { 'pam::multiple_ldap_access':
+ access_classes => ['mga-iso_makers']
+ }
+}
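Review bot: The empty `access_classes => []` in `access_classes::admin` only means "admins only" if `pam::multiple_ldap_access` always adds the admin group itself, and that module is not visible in this commit. If it ever treated an empty list as "no group restriction", every host using this class would accept any LDAP account, so the dependency is worth stating where it is relied on, e.g. `# empty list: only the admin group that pam::multiple_ldap_access allows by default may log in`. The two trailing blank lines at the end of the file can be dropped.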
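Review bot: The comment block in `access_classes::committers` never says which file "must exist", and "while refuse" reads as a typo for "will refuse". Given `restricted_shell => true` it is presumably the restricted shell binary set as the login shell, and nothing in this class installs it, so that has to come from `pam::multiple_ldap_access` or another class. I would reword the block to name the file explicitly, say that openssh rejects the login when the configured shell is missing, and keep the last sentence that membership in `mga-shell_access` grants only the restricted shell while svn/git permissions are granted separately.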
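Review bot: The warning in `access_classes` says the subclasses are exclusive but not why, or what happens when two are combined. Each subclass declares `pam::multiple_ldap_access` with the resource-like `class { ... }` syntax, which Puppet accepts only once per catalog, so a node including two of them should fail to compile rather than silently end up with merged or overwritten groups. Saying so in the comment tells the next maintainer the failure is intended, e.g. `# each subclass declares pam::multiple_ldap_access; including two on one node is a duplicate declaration`.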
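Review bot: `access_classes::iso_makers` has no header comment, unlike `admin.pp` and `committers.pp`, and the same holds for `access_classes::web` in the next file. These classes decide which LDAP group may log in to a host, so a one-line statement of the intended hosts makes a wrong node assignment easier to spot in review, e.g. `# for servers where members of mga-iso_makers can connect`. Both files also omit the trailing comma after the last parameter that `committers.pp` uses.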
diff --git a/deployment/access_classes/manifests/web.pp b/deployment/access_classes/manifests/web.pp
new file mode 100644
index 00000000..fa2c7df5
--- /dev/null
+++ b/deployment/access_classes/manifests/web.pp
@@ -0,0 +1,5 @@
+class access_classes::web {
+ class { 'pam::multiple_ldap_access':
+ access_classes => ['mga-web']
+ }
+} |
