aboutsummaryrefslogtreecommitdiffstats
path: root/modules/pam/templates
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Use @ when accessing variables in templates"Dan Fandrich2024-10-043-9/+9
| | | | | | Variables defined within a template can't be accessed with @. This change needs to be reworked to eliminate those cases. This reverts commits 2c7da665 and ae197622.
* Use @ when accessing variables in templatesDan Fandrich2024-10-043-9/+9
| | | | Access without the @ symbol is the older method and is discouraged.
* Use concat from stdlib to merged admins in access classesOlivier Blin2017-02-211-5/+3
| | | | We already use puppet-stdlib for the file_line helper.
* Implicitely allow mga-sysadmin login for all access classesOlivier Blin2017-02-211-0/+1
| | | | | | Like done already for mga-unrestricted_shell_access. There is no easy way to concatenate arrays in puppet, the rules are kept inlined for mga-sysadmin and mga-unrestricted_shell_access.
* Allow mga-unrestricted_shell_access group login on all nodesOlivier Blin2017-02-211-0/+1
|
* Revert commit 8822d1c7be9cfe2783f886922a778410bacd93cc as it breaks login ↵Nicolas Lécureuil2015-11-301-1/+1
| | | | for non root like our iso maker team
* openldap: enable TLS_CACERTThomas Backlund2015-11-301-1/+1
|
* lint fixes for pamThomas Backlund2015-10-204-4/+0
|
* pam: remove "dynamic lookup" warningsNicolas Vigier2012-12-182-1/+5
|
* manage /etc/openldap/ldap.conf by puppetMichael Scherer2012-02-151-0/+26
|
* we do not use mdns on servers, so remove it as it seems to cause troubleMichael Scherer2011-05-241-1/+1
| | | | | on mandriva 2010.0, as used on gandi vm
* - allow to set access without forcing the restricted shell ( shouldMichael Scherer2011-01-131-1/+1
| | | | be done by openssh in fact, but that's easier to do like this for now )
* allow to use multiple group for the access with pamMichael Scherer2011-01-131-6/+6
|
* restrict login to people of the group mga-commiters ( previous try wasMichael Scherer2010-11-241-6/+6
| | | | not working with ssh key )
* s/commiters/committers/, to be in sync with the ldap group name and the ↵Michael Scherer2010-11-241-2/+2
| | | | dictionnary
* move the group restriction at the top of the file, or they are uselessMichael Scherer2010-11-241-7/+7
|
* pam_wheel is made to be used with su only. pam_succeed_if seems to be the ↵Michael Scherer2010-11-241-2/+2
| | | | proper module
* remove empty line from the result file ( <% vs <%- )Michael Scherer2010-11-241-4/+4
|
* Add timelimits for nss_ldap, enable password policyBuchan Milne2010-11-221-1/+3
|
* - use the rootbinddn as preconized by buchan ( and let all access goesMichael Scherer2010-11-221-2/+2
| | | | through nscd )
* - use the first pass if proposed ( or pam ask the password 2 times )Michael Scherer2010-11-221-1/+1
|
* - add nssldap password handlingMichael Scherer2010-11-221-1/+2
|
* - ldaps is required ( ie no unencrypted connection )Michael Scherer2010-11-221-1/+1
|
* - do not let file with passwords to be world readable Michael Scherer2010-11-201-3/+0
| | | | | | | | ( even if being readable by apache is not good either, but needed as the password is used by apache ) - use ldaps for sympa - use the 2 new facter macro and remove the version copied everywhere - remove hardcoded domain in bugzilla and others
* - fix templates ( again )Michael Scherer2010-11-171-0/+22
| | | | | - add ldap.conf
* - fix templatesMichael Scherer2010-11-171-0/+16
| | | | | - add nsswitch.conf
* - add a proto module for taking care of pam ( need pam_ldap, etc support, ↵Michael Scherer2010-11-171-0/+35
and a review of the pam config file too )
generated by cgit v1.2.1 (git 2.21.0) at 2025-02-21 14:10:40 +0000