diff options
Diffstat (limited to 'modules/pam/templates/system-auth')
-rw-r--r-- | modules/pam/templates/system-auth | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth index 010552cc..37d1da7d 100644 --- a/modules/pam/templates/system-auth +++ b/modules/pam/templates/system-auth @@ -11,11 +11,9 @@ auth required pam_deny.so account sufficient pam_localuser.so # not sure if the following bring something useful account required pam_ldap.so -account sufficient pam_succeed_if.so quiet user ingroup mga-sysadmin -account sufficient pam_succeed_if.so quiet user ingroup mga-unrestricted_shell_access -<%- access_classes = scope.lookupvar('pam::multiple_ldap_access::access_classes') -%> -<%- if access_classes -%> -<%- access_classes.each { |ldap_group| -%> +<%- allowed_access_classes = scope.lookupvar('pam::multiple_ldap_access::allowed_access_classes') -%> +<%- if allowed_access_classes -%> +<%- allowed_access_classes.each { |ldap_group| -%> account sufficient pam_succeed_if.so quiet user ingroup <%= ldap_group %> <%- } -%> <%- end -%> |