Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-November/000570.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2010-November/000570.html | 265 |
1 files changed, 265 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-November/000570.html b/zarb-ml/mageia-sysadm/2010-November/000570.html
new file mode 100644
index 000000000..8a0f81108
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000570.html
@@ -0,0 +1,265 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [265] - add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too ) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B265%5D%20-%20add%20a%20proto%20module%20for%20taking%20care%20of%20pam%20%28%0A%20need%20pam_ldap%2C%20etc%20support%2C%20and%20a%20review%20of%20the%20pam%20config%20file%20too%20%29&In-Reply-To=%3C20101117153510.D33A53FC09%40valstar.mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000569.html"> + <LINK REL="Next" HREF="000571.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [265] - add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too )</H1> + <B>root at mageia.org</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B265%5D%20-%20add%20a%20proto%20module%20for%20taking%20care%20of%20pam%20%28%0A%20need%20pam_ldap%2C%20etc%20support%2C%20and%20a%20review%20of%20the%20pam%20config%20file%20too%20%29&In-Reply-To=%3C20101117153510.D33A53FC09%40valstar.mageia.org%3E" + TITLE="[Mageia-sysadm] [265] - add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too )">root at mageia.org + </A><BR> + <I>Wed Nov 17 16:35:10 CET 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000569.html">[Mageia-sysadm] [264] update binddn and password file +</A></li> + <LI>Next message: <A HREF="000571.html">[Mageia-sysadm] [266] - better use heritance +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#570">[ date ]</a> + <a href="thread.html#570">[ thread ]</a> + <a href="subject.html#570">[ subject ]</a> + <a 
href="author.html#570">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Revision: 265 +Author: misc +Date: 2010-11-17 16:35:10 +0100 (Wed, 17 Nov 2010) +Log Message: +----------- +- add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too ) + +Modified Paths: +-------------- + puppet/modules/apache/templates/vhost_catalyst_app.conf + puppet/modules/apache/templates/vhost_django_app.conf + puppet/modules/buildsystem/manifests/init.pp + puppet/modules/postfix/manifests/init.pp + puppet/modules/transifex/manifests/init.pp + +Added Paths: +----------- + puppet/modules/pam/ + puppet/modules/pam/manifests/ + puppet/modules/pam/manifests/init.pp + puppet/modules/pam/templates/ + puppet/modules/pam/templates/system-auth + +Modified: puppet/modules/apache/templates/vhost_catalyst_app.conf +=================================================================== +--- puppet/modules/apache/templates/vhost_catalyst_app.conf 2010-11-17 15:13:07 UTC (rev 264) ++++ puppet/modules/apache/templates/vhost_catalyst_app.conf 2010-11-17 15:35:10 UTC (rev 265) +@@ -15,6 +15,8 @@ + ServerName <%= name %> + # Serve static content directly + DocumentRoot /dev/null ++# header ++ + <% if location then %> + Alias /static <%= location %>/root/static + <% end %> + +Modified: puppet/modules/apache/templates/vhost_django_app.conf +=================================================================== +--- puppet/modules/apache/templates/vhost_django_app.conf 2010-11-17 15:13:07 UTC (rev 264) ++++ puppet/modules/apache/templates/vhost_django_app.conf 2010-11-17 15:35:10 UTC (rev 265) +@@ -4,7 +4,7 @@ + DocumentRoot /dev/null + + WSGIScriptAlias / /usr/local/lib/wsgi/<%= name %>.wsgi +- ++#footer + <Location /> + Allow from all + </Location> + +Modified: puppet/modules/buildsystem/manifests/init.pp +=================================================================== +--- puppet/modules/buildsystem/manifests/init.pp 2010-11-17 15:13:07 
UTC (rev 264) ++++ puppet/modules/buildsystem/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265) +@@ -4,6 +4,22 @@ + include iurt + } + ++ class scheduler { ++ # ulri ++ } ++ ++ class dispatcher { ++ # emi ++ } ++ ++ class repsys { ++ package { 'repsys': ++ ++ } ++ ++ ++ } ++ + class iurt { + include sudo + + +Added: puppet/modules/pam/manifests/init.pp +=================================================================== +--- puppet/modules/pam/manifests/init.pp (rev 0) ++++ puppet/modules/pam/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265) +@@ -0,0 +1,27 @@ ++class pam { ++ ++ package { ["pam_ldap","nss_ldap", "pam_mkhomedir"]: ++ ensure => installed, ++ } ++ ++ ++ file { "system-auth": ++ path => "/etc/pam.d/system-auth", ++ owner => root, ++ group => root, ++ mode => 644, ++ content => template("openldap/system-auth") ++ } ++ ++ # for server where only admin can connect ++ class admin_access { ++ $access_class = "admin" ++ file { "system-auth": } ++ } ++ ++ # for server where people can connect with ssh ( git, svn ) ++ class commiters_access { ++ $access_class = "commiters" ++ file { "system-auth": } ++ } ++} + +Added: puppet/modules/pam/templates/system-auth +=================================================================== +--- puppet/modules/pam/templates/system-auth (rev 0) ++++ puppet/modules/pam/templates/system-auth 2010-11-17 15:35:10 UTC (rev 265) +@@ -0,0 +1,35 @@ ++auth required pam_env.so ++# this part is here if the module don't exist ++# basically, the idea is to copy the exact detail of sufficient, ++# and add abort=ignore ++auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8 ++auth sufficient pam_unix.so likeauth nullok ++auth sufficient pam_ldap.so use_first_pass ++<% if access_class = 'admin' %> ++auth required pam_wheel.so group=mga-sysadmin ++<% end %> ++<% if access_class = 'commiters' %> ++auth required pam_wheel.so group=mga-commiters ++<% end %> ++auth required 
pam_deny.so ++ ++ ++account sufficient pam_localuser.so ++account sufficient pam_ldap.so ++account required pam_deny.so ++ ++ ++password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0 ucredit=0 ucredit=0 ++# TODO check this part too ++password sufficient pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore ++password sufficient pam_ldap.so use_authtok ++password sufficient pam_unix.so use_authtok nullok md5 shadow ++password required pam_deny.so ++ ++session optional pam_keyinit.so revoke ++# optional if there is a problem when creating the account ++session optional pam_mkhomedir.so ++session required pam_limits.so ++session required pam_unix.so ++session optional pam_ldap.so ++ + +Modified: puppet/modules/postfix/manifests/init.pp +=================================================================== +--- puppet/modules/postfix/manifests/init.pp 2010-11-17 15:13:07 UTC (rev 264) ++++ puppet/modules/postfix/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265) +@@ -4,7 +4,7 @@ + package { postfix: + ensure => installed + } +- package { 'nail': ++ package { 'nail': + ensure => installed + } + service { postfix: +@@ -30,4 +30,17 @@ + content => template("postfix/simple_relay_main.cf"), + } + } ++ ++ class primary_smtp inherits base { ++ file { '/etc/postfix/main.cf': ++ content => template("postfix/primary_main.cf"), ++ } ++ } ++ ++ class secondary_smtp inherits base { ++ file { '/etc/postfix/main.cf': ++ content => template("postfix/secondary_main.cf"), ++ } ++ } ++ + } + +Modified: puppet/modules/transifex/manifests/init.pp +=================================================================== +--- puppet/modules/transifex/manifests/init.pp 2010-11-17 15:13:07 UTC (rev 264) ++++ puppet/modules/transifex/manifests/init.pp 2010-11-17 15:35:10 UTC (rev 265) +@@ -12,4 +12,8 @@ + mode => 755, + content => template("transifex/20-engines.conf") + } ++ ++ apache::vhost_django_app { 
"transifex.$domain": ++ module => "transifex" ++ } + } +-------------- next part -------------- +An HTML attachment was scrubbed... +URL: </pipermail/mageia-sysadm/attachments/20101117/15a9175d/attachment.html> +</PRE> + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000569.html">[Mageia-sysadm] [264] update binddn and password file +</A></li> + <LI>Next message: <A HREF="000571.html">[Mageia-sysadm] [266] - better use heritance +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#570">[ date ]</a> + <a href="thread.html#570">[ thread ]</a> + <a href="subject.html#570">[ subject ]</a> + <a href="author.html#570">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |
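Review bot: The `puppet/modules/pam/templates/system-auth` template quoted in this archived commit mail does not enforce the group restriction it is written for. The guards `<% if access_class = 'admin' %>` and `<% if access_class = 'commiters' %>` assign instead of compare, so both `pam_wheel.so` lines are always rendered, and they sit below `auth sufficient pam_unix.so` and `auth sufficient pam_ldap.so`, which end the auth stack on success before `pam_wheel.so` is consulted. The guards should read `<% if access_class == 'admin' %>` (likewise for `'commiters'`), with the `pam_wheel.so` lines moved above the `sufficient` entries. The same template accepts empty passwords through `nullok` and hashes `pam_unix.so` password changes with `md5`; both are worth dropping in the review the log message already calls for. In `puppet/modules/pam/manifests/init.pp`, `template("openldap/system-auth")` names the openldap module although the file is added under `puppet/modules/pam/templates/`, so it probably should be `template("pam/system-auth")`.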