From ae6ba130344466d36dac9988bb9bcbbd0256fb80 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Wed, 24 Nov 2010 02:50:45 +0000
Subject: restrict login to people of the group mga-commiters ( previous try was not working with ssh key )
---
 modules/pam/manifests/init.pp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
 (limited to 'modules/pam/manifests/init.pp')
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp
index 63e8b12f..e6e37bb8 100644
--- a/modules/pam/manifests/init.pp
+++ b/modules/pam/manifests/init.pp
@@ -43,14 +43,17 @@ class pam {
 content => template("pam/ldap.conf")
 }
 }
-
+
+ # beware , this two classes are exclusive
+
 # for server where only admins can connect
- class admin_access inherits base {
+ class admin_access {
 $access_class = "admin"
+ include base
 }
 
 # for server where people can connect with ssh ( git, svn )
- class committers_access inherits base {
+ class committers_access {
 # this is required, as we force the shell to be the restricted one
 # openssh will detect if the file do not exist and while refuse to log the
 # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
@@ -58,5 +61,6 @@ class pam {
 # permission to use svn, git, etc must be added separatly
 include restrictshell::shell
 $access_class = "committers"
+ include base
 }
 }
--
cgit v1.2.1
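Review bot: Nothing enforces the exclusivity that the new `# beware` comment asks for, so which group may log in depends on which of `admin_access` or `committers_access` (the `include base` added in the second hunk has the same issue) reaches `include base` first. `include` is idempotent, so on a node that ends up with both classes, or that includes `pam::base` from somewhere else beforehand, the access template would presumably be rendered once with the other group or with an unset `$access_class`, without any error. If the Puppet version in use supports parameterized classes, `class { 'pam::base': access_class => 'admin' }` with a matching parameter on `base` would make a second declaration a compile failure instead of an ordering-dependent login policy. `base` and the template that reads `$access_class` lie outside the hunk, so how an unset value is handled should be checked there.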