From 92d55871e5bc152f00464daffd5b80f8871d1a15 Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@mageia.org>
Date: Thu, 13 Jan 2011 18:12:32 +0000
Subject: move the type of access_class to deployment ( as this is tied to our
 group name )

---
 modules/pam/manifests/init.pp | 26 --------------------------
 1 file changed, 26 deletions(-)

(limited to 'modules/pam/manifests/init.pp')

diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp
index 732957c4..246bb4f6 100644
--- a/modules/pam/manifests/init.pp
+++ b/modules/pam/manifests/init.pp
@@ -47,30 +47,4 @@ class pam {
   define multiple_ldap_access($access_classes) {
     include base
   }
- 
-  # beware , this two classes are exclusives
-  # if you need multiple group access, you need to define you own class
-  # of access  
- 
-  # for server where only admins can connect
-  class admin_access {
-    multiple_ldap_access { "admin_access":
-        access_classes => ['mga-sysadmin']
-    }
-  }
-
-  # for server where people can connect with ssh ( git, svn )
-  class committers_access {
-    # this is required, as we force the shell to be the restricted one
-    # openssh will detect if the file do not exist and while refuse to log the
-    # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
-    # so the file must exist
-    # permission to use svn, git, etc must be added separatly
-     
-    include restrictshell::shell
-
-    multiple_ldap_access { "committers_access":
-        access_classes => ['mga-commiters']
-    }
-  }
 }
-- 
cgit v1.2.1