Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-January/002054.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2011-January/002054.html | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-January/002054.html b/zarb-ml/mageia-sysadm/2011-January/002054.html
new file mode 100644
index 000000000..563ff6fe2
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-January/002054.html
@@ -0,0 +1,178 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [780] move the type of access_class to deployment ( as this is tied to our group name ) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B780%5D%20move%20the%20type%20of%20access_class%20to%20deployment%20%28%0A%20as%20this%20is%20tied%20to%20our%20group%20name%20%29&In-Reply-To=%3C20110113181232.E76F34237C%40valstar.mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="002053.html"> + <LINK REL="Next" HREF="002055.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [780] move the type of access_class to deployment ( as this is tied to our group name )</H1> + <B>root at mageia.org</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B780%5D%20move%20the%20type%20of%20access_class%20to%20deployment%20%28%0A%20as%20this%20is%20tied%20to%20our%20group%20name%20%29&In-Reply-To=%3C20110113181232.E76F34237C%40valstar.mageia.org%3E" + TITLE="[Mageia-sysadm] [780] move the type of access_class to deployment ( as this is tied to our group name )">root at mageia.org + </A><BR> + <I>Thu Jan 13 19:12:32 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="002053.html">[Mageia-sysadm] [779] allow to use multiple group for the access with pam +</A></li> + <LI>Next message: <A HREF="002055.html">[Mageia-sysadm] [781] add a class for iso_makers ( ie, people who will connect to rabbit, and create isos ) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2054">[ date ]</a> + <a href="thread.html#2054">[ thread ]</a> + <a href="subject.html#2054">[ subject ]</a> + <a href="author.html#2054">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Revision: 780 +Author: misc +Date: 
2011-01-13 19:12:32 +0100 (Thu, 13 Jan 2011) +Log Message: +----------- +move the type of access_class to deployment ( as this is tied to our group name ) + +Modified Paths: +-------------- + puppet/manifests/nodes.pp + puppet/modules/pam/manifests/init.pp + +Added Paths: +----------- + puppet/deployment/access_class/ + puppet/deployment/access_class/manifests/ + puppet/deployment/access_class/manifests/init.pp + +Added: puppet/deployment/access_class/manifests/init.pp +=================================================================== +--- puppet/deployment/access_class/manifests/init.pp (rev 0) ++++ puppet/deployment/access_class/manifests/init.pp 2011-01-13 18:12:32 UTC (rev 780) +@@ -0,0 +1,28 @@ ++class access_class { ++ ++ # beware , theses classes are exclusives ++ # if you need multiple group access, you need to define you own class ++ # of access ++ ++ # for server where only admins can connect ++ class admin { ++ pam::multiple_ldap_access { "admin": ++ access_classes => ['mga-sysadmin'] ++ } ++ } ++ ++ # for server where people can connect with ssh ( git, svn ) ++ class committers { ++ # this is required, as we force the shell to be the restricted one ++ # openssh will detect if the file do not exist and while refuse to log the ++ # user, and erase the password ( see pam_auth.c in openssh code, seek badpw ) ++ # so the file must exist ++ # permission to use svn, git, etc must be added separatly ++ ++ include restrictshell::shell ++ ++ pam::multiple_ldap_access { "committers": ++ access_classes => ['mga-commiters'] ++ } ++ } ++} + +Modified: puppet/manifests/nodes.pp +=================================================================== +--- puppet/manifests/nodes.pp 2011-01-13 18:12:31 UTC (rev 779) ++++ puppet/manifests/nodes.pp 2011-01-13 18:12:32 UTC (rev 780) +@@ -21,7 +21,7 @@ + include buildsystem::mainnode + include buildsystem::mgacreatehome + +- include pam::committers_access ++ include access_class::committers + include restrictshell::allow_svn + 
include restrictshell::allow_pkgsubmit + include openssh::ssh_keys_from_ldap + +Modified: puppet/modules/pam/manifests/init.pp +=================================================================== +--- puppet/modules/pam/manifests/init.pp 2011-01-13 18:12:31 UTC (rev 779) ++++ puppet/modules/pam/manifests/init.pp 2011-01-13 18:12:32 UTC (rev 780) +@@ -47,30 +47,4 @@ + define multiple_ldap_access($access_classes) { + include base + } +- +- # beware , this two classes are exclusives +- # if you need multiple group access, you need to define you own class +- # of access +- +- # for server where only admins can connect +- class admin_access { +- multiple_ldap_access { "admin_access": +- access_classes => ['mga-sysadmin'] +- } +- } +- +- # for server where people can connect with ssh ( git, svn ) +- class committers_access { +- # this is required, as we force the shell to be the restricted one +- # openssh will detect if the file do not exist and while refuse to log the +- # user, and erase the password ( see pam_auth.c in openssh code, seek badpw ) +- # so the file must exist +- # permission to use svn, git, etc must be added separatly +- +- include restrictshell::shell +- +- multiple_ldap_access { "committers_access": +- access_classes => ['mga-commiters'] +- } +- } + } +-------------- next part -------------- +An HTML attachment was scrubbed... 
+URL: </pipermail/mageia-sysadm/attachments/20110113/b11cf251/attachment-0001.html> +</PRE> + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="002053.html">[Mageia-sysadm] [779] allow to use multiple group for the access with pam +</A></li> + <LI>Next message: <A HREF="002055.html">[Mageia-sysadm] [781] add a class for iso_makers ( ie, people who will connect to rabbit, and create isos ) +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2054">[ date ]</a> + <a href="thread.html#2054">[ thread ]</a> + <a href="subject.html#2054">[ subject ]</a> + <a href="author.html#2054">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |