From 92d55871e5bc152f00464daffd5b80f8871d1a15 Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@mageia.org>
Date: Thu, 13 Jan 2011 18:12:32 +0000
Subject: move the type of access_class to deployment ( as this is tied to our
 group name )

---
 deployment/access_class/manifests/init.pp | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 deployment/access_class/manifests/init.pp

(limited to 'deployment/access_class/manifests/init.pp')

diff --git a/deployment/access_class/manifests/init.pp b/deployment/access_class/manifests/init.pp
new file mode 100644
index 00000000..c2bbd5f8
--- /dev/null
+++ b/deployment/access_class/manifests/init.pp
@@ -0,0 +1,28 @@
+class access_class {
+ 
+  # beware , theses classes are exclusives
+  # if you need multiple group access, you need to define you own class
+  # of access  
+ 
+  # for server where only admins can connect
+  class admin {
+    pam::multiple_ldap_access { "admin":
+        access_classes => ['mga-sysadmin']
+    }
+  }
+
+  # for server where people can connect with ssh ( git, svn )
+  class committers {
+    # this is required, as we force the shell to be the restricted one
+    # openssh will detect if the file do not exist and while refuse to log the
+    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+    # so the file must exist
+    # permission to use svn, git, etc must be added separatly
+     
+    include restrictshell::shell
+
+    pam::multiple_ldap_access { "committers":
+        access_classes => ['mga-commiters']
+    }
+  }
+}
-- 
cgit v1.2.1