| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | ldap-sshkey2file.py: add dry-run and verbose mode | Olivier Blin | 2017-02-23 | 1 | -0/+16 |
* | ldap-sshkey2file.py: use argparse for options parsing and usage | Olivier Blin | 2017-02-23 | 1 | -16/+15 |
* | ldap-sshkey2file.py: reorder code in write_keys to prepare adding a dry-run mode | Olivier Blin | 2017-02-23 | 1 | -29/+29 |
* | ldap-sshkey2file.py: fix path of authorized_keys in usage | Olivier Blin | 2017-02-23 | 1 | -1/+1 |
* | Fix ldap-sshkey2file so it doesn't crash when a user has no uidNumber | Dan Fandrich | 2017-02-23 | 1 | -3/+3 |
| | This shouldn't happen in normal operation, but can happen when binding to a DN who doesn't have access to that attribute. | | | | |
* | Allow mga-unrestricted_shell_access group login on duvel | Olivier Blin | 2017-02-21 | 1 | -1/+1 |
| | Also-by: Dan Fandrich <dan@coneharvesters.com> | | | | |
* | Remove unnecessary AllowGroups sshd restriction on rabbit | Olivier Blin | 2017-02-21 | 1 | -4/+0 |
| | This is already covered by pam.d/system-auth, which only allows local users and authorized access classes. Otherwise, login fails: `sshd[1234]: fatal: Access denied for user XXX by PAM account configuration [preauth]` | | | | |
* | Disable password for ssh on all machines | Pascal Terjan | 2016-10-13 | 1 | -1/+1 |
* | Allow iurt to ssh to rabbit | Pascal Terjan | 2016-10-13 | 1 | -1/+1 |
* | Restrict ssh access on rabbit | Pascal Terjan | 2016-10-13 | 1 | -0/+4 |
* | openssh: Fix writing ssh public keys, with new ldap secret location | Olivier Blin | 2016-02-21 | 2 | -5/+40 |
| | ldap secret is now stored in the bindpw field of /etc/nslcd.conf | | | | |
* | Allow members of mga-sysadmin to log in via ssh | Dan Fandrich | 2016-02-19 | 1 | -1/+1 |
| | This only works on hosts where users' ssh keys are copied, namely those including openssh::ssh_keys_from_ldap | | | | |
* | openssh: do not force command for git user | Olivier Blin | 2016-02-07 | 1 | -1/+2 |
| | The "gitolite <username>" is already set in /var/lib/git/.ssh/authorized_keys, and we do not want to override it. | | | | |
* | openssh: fix forcing sv_membersh command | Olivier Blin | 2016-02-07 | 1 | -1/+1 |
| | The following rule did not work as intended: `Match User !schedbot User !root`. This one does (with a leading wildcard): `Match User *,!schedbot,!root`. See http://superuser.com/questions/952235/why-arent-my-negative-matches-working | | | | |
* | Force sv_membersh.pl in ssh on duvel | Pascal Terjan | 2016-02-07 | 1 | -0/+4 |
| | That way we don't need to have it as default shell for everyone on the machine. It should probably not hardcode duvel though. | | | | |
* | variable enclosing fixes | Thomas Backlund | 2015-10-20 | 1 | -1/+1 |
* | openssh: Ensure ownership is set correctly on authorized_keys | Colin Guthrie | 2015-02-06 | 1 | -0/+5 |
| | This was highlighted by a problem encountered by Nicolas Salguero. Many thanks for your patience. | | | | |
* | openssh: Fix python copy/paste error. | Colin Guthrie | 2015-02-03 | 1 | -1/+1 |
| | Introduced in d5148ffbb0514c37893002e4988c5f7f379586bf | | | | |
* | openssh: Also update gitolite config when SSH keys change. | Colin Guthrie | 2015-01-18 | 1 | -1/+1 |
| | This should avoid the problems encountered recently with Donald's SSH key update and git access. | | | | |
* | openssh: Return failure when no keys are updated. | Colin Guthrie | 2015-01-18 | 1 | -2/+15 |
| | We can then use this exit status to run other commands when keys are updated. | | | | |
* | openssh: Only write authorized_keys file when it's different | Colin Guthrie | 2015-01-18 | 1 | -7/+20 |
| | This saves disk churn and will eventually allow us to take further action when keys actually change. | | | | |
* | openssh: Use temp file when writing keys from LDAP. | Colin Guthrie | 2015-01-18 | 1 | -7/+12 |
| | This helps avoid a race condition when the file is not yet written properly when a new SSH connection from that user comes in. This isn't really a problem in practice, but we may as well do it. | | | | |
* | Revert "Temporary hack to work around LDAP server sync problem" | Colin Guthrie | 2014-09-23 | 1 | -6/+0 |
| | This reverts commit cc302084ccf54fb8f067f8dd5d7f7c07ed50b019. Slave LDAP now back cookin' on gas! | | | | |
* | Temporary hack to work around LDAP server sync problem | Colin Guthrie | 2014-09-16 | 1 | -0/+6 |
* | Partially revert part of r3378 which wasn't meant to be in the commit :( | Colin Guthrie | 2013-12-05 | 1 | -2/+0 |
* | Add mgaonline to the freeze exception pkg regexp | Colin Guthrie | 2013-12-05 | 1 | -0/+2 |
* | openssh::ssh_keys_from_ldap: remove unused parameter | Nicolas Vigier | 2013-07-06 | 1 | -1/+1 |
* | openssh: switch to standard path for authorized_keys file | Nicolas Vigier | 2013-07-06 | 4 | -53/+1 |
* | ldap-sshkey2file.py: export ssh keys to /home directory | Nicolas Vigier | 2013-07-06 | 1 | -5/+14 |
| | Thanks to Colin for help on this | | | | |
* | More mga-common mga_common renaming | Nicolas Vigier | 2013-06-19 | 1 | -1/+1 |
* | Rename mga-common module to mga_common. | Nicolas Vigier | 2013-06-19 | 1 | -1/+1 |
| | New puppet version doesn't like modules with a - in their name. | | | | |
* | Local_script -> Mga-common::Local_script | Nicolas Vigier | 2012-12-10 | 1 | -1/+1 |
* | openssh: use mga-common::local_script | Nicolas Vigier | 2012-12-10 | 1 | -1/+1 |
* | add explicit variable for the directory holding pubkeys | Michael Scherer | 2012-04-02 | 1 | -0/+2 |
* | split a module pubkeys_directory, so we can include it from symlink_user and make sure everything is correctly declared | Michael Scherer | 2012-04-02 | 3 | -16/+20 |
* | split ssh_keys_from_ldap in a different file | Michael Scherer | 2012-04-02 | 2 | -47/+46 |
* | fix the definition of the define, and move file to match the name | Michael Scherer | 2012-03-19 | 1 | -1/+1 |
* | rename define to match the real name | Michael Scherer | 2012-03-19 | 1 | -0/+0 |
* | fix missing comma | Michael Scherer | 2012-03-19 | 1 | -1/+1 |
* | split symlink into a separate file | Michael Scherer | 2012-03-19 | 2 | -16/+17 |
* | style cleaning, and various fixes (for symlink) | Michael Scherer | 2012-03-19 | 1 | -28/+30 |
* | split server in a separate file, and clean the module | Michael Scherer | 2012-03-19 | 2 | -18/+16 |
* | do not use start tls on ldaps connection, as this produces a traceback | Michael Scherer | 2012-01-28 | 1 | -1/+2 |
* | use the new get_ldap_servers to get the list of all ldap servers | Michael Scherer | 2012-01-22 | 2 | -1/+5 |
* | clean openssh service | Michael Scherer | 2012-01-16 | 1 | -3/+1 |
* | fix another error | Michael Scherer | 2012-01-08 | 1 | -2/+2 |
* | fix manifest | Michael Scherer | 2012-01-08 | 1 | -1/+1 |
* | cleaning of the openssh module | Michael Scherer | 2012-01-08 | 1 | -25/+6 |
* | move ldap-sshkey2file.py to openssh module (where it is used) | Nicolas Vigier | 2011-08-21 | 2 | -1/+93 |
* | fix openssh manifest, as having an empty template does not work (contrary to what I (wrongly) tested :/ ) | Michael Scherer | 2011-06-16 | 1 | -1/+1 |