diff options
Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-January/002305.html')
| -rw-r--r-- | zarb-ml/mageia-sysadm/2011-January/002305.html | 294 |
1 files changed, 294 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-January/002305.html b/zarb-ml/mageia-sysadm/2011-January/002305.html new file mode 100644 index 000000000..8774040be --- /dev/null +++ b/zarb-ml/mageia-sysadm/2011-January/002305.html @@ -0,0 +1,294 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [863] add shadow module for login.defs + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B863%5D%20add%20shadow%20module%20for%20login.defs&In-Reply-To=%3C20110120182117.72FEE42B8A%40valstar.mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="002304.html"> + <LINK REL="Next" HREF="002306.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [863] add shadow module for login.defs</H1> + <B>root at mageia.org</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B863%5D%20add%20shadow%20module%20for%20login.defs&In-Reply-To=%3C20110120182117.72FEE42B8A%40valstar.mageia.org%3E" + TITLE="[Mageia-sysadm] [863] add shadow module for login.defs">root at mageia.org + </A><BR> + <I>Thu Jan 20 19:21:17 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="002304.html">[Mageia-sysadm] Puppet Report for rabbit.mageia.org +</A></li> + <LI>Next message: <A HREF="002306.html">[Mageia-sysadm] [864] enable shadow module +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2305">[ date ]</a> + <a href="thread.html#2305">[ thread ]</a> + <a href="subject.html#2305">[ subject ]</a> + <a href="author.html#2305">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Revision: 863 +Author: boklm +Date: 2011-01-20 19:21:17 +0100 (Thu, 20 Jan 2011) +Log Message: +----------- +add shadow module for login.defs + +Added Paths: +----------- + puppet/deployment/shadow/ + puppet/deployment/shadow/files/ + puppet/deployment/shadow/files/login.defs + puppet/deployment/shadow/manifests/ + puppet/deployment/shadow/manifests/init.pp + +Added: puppet/deployment/shadow/files/login.defs +=================================================================== +--- puppet/deployment/shadow/files/login.defs (rev 0) ++++ puppet/deployment/shadow/files/login.defs 2011-01-20 18:21:17 UTC (rev 863) +@@ -0,0 +1,193 @@ ++# *REQUIRED* ++# Directory where mailboxes reside, _or_ name of file, relative to the ++# home directory. If you _do_ define both, MAIL_DIR takes precedence. ++# QMAIL_DIR is for Qmail ++# ++#QMAIL_DIR Maildir ++MAIL_DIR /var/spool/mail ++#MAIL_FILE .mail ++ ++# Password aging controls: ++# ++# PASS_MAX_DAYS Maximum number of days a password may be used. ++# PASS_MIN_DAYS Minimum number of days allowed between password changes. ++# PASS_MIN_LEN Minimum acceptable password length. ++# PASS_WARN_AGE Number of days warning given before a password expires. ++# ++PASS_MAX_DAYS 99999 ++PASS_MIN_DAYS 0 ++#PASS_MIN_LEN 5 ++PASS_WARN_AGE 7 ++ ++# ++# Min/max values for automatic uid selection in useradd ++# ++UID_MIN 500 ++UID_MAX 60000 ++ ++# ++# Min/max values for automatic gid selection in groupadd ++# ++GID_MIN 500 ++GID_MAX 60000 ++ ++# ++# If defined, this command is run when removing a user. ++# It should remove any at/cron/print jobs etc. owned by ++# the user to be removed (passed as the first argument). ++# ++# USERDEL_CMD /usr/sbin/userdel_local ++ ++# ++# If useradd should create home directories for users by default ++# On RH systems, we do. This option is ORed with the -m flag on ++# useradd command line. ++# ++CREATE_HOME yes ++ ++# ++# The password hashing method and iteration count to use for group ++# passwords that may be set with gpasswd(1). ++# ++CRYPT_PREFIX $2a$ ++CRYPT_ROUNDS 8 ++ ++# ++# Whether to use tcb password shadowing scheme. Use 'yes' if using ++# tcb and 'no' if using /etc/shadow ++# ++USE_TCB no ++ ++# ++# Whether newly created tcb-style shadow files should be readable by ++# group "auth". ++# ++TCB_AUTH_GROUP yes ++ ++# ++# Whether useradd should create symlinks rather than directories under ++# /etc/tcb for newly created accounts with UIDs over 1000. See tcb(5) ++# for information on why this may be needed. ++# ++TCB_SYMLINKS no ++ ++# ++# Delay in seconds before being allowed another attempt after a login failure ++# ++FAIL_DELAY 3 ++ ++# ++# Enable display of unknown usernames when login failures are recorded. ++# ++LOG_UNKFAIL_ENAB no ++ ++# ++# Enable logging of successful logins ++# ++LOG_OK_LOGINS no ++ ++# ++# Enable "syslog" logging of su activity - in addition to sulog file logging. ++# SYSLOG_SG_ENAB does the same for newgrp and sg. ++# ++SYSLOG_SU_ENAB yes ++SYSLOG_SG_ENAB yes ++ ++# ++# If defined, either full pathname of a file containing device names or ++# a ":" delimited list of device names. Root logins will be allowed only ++# upon these devices. ++# ++CONSOLE /etc/securetty ++#CONSOLE console:tty01:tty02:tty03:tty04 ++ ++# ++# If defined, the command name to display when running "su -". For ++# example, if this is defined as "su" then a "ps" will display the ++# command is "-su". If not defined, then "ps" would display the ++# name of the shell actually being run, e.g. something like "-sh". ++# ++SU_NAME su ++ ++# ++# If defined, file which inhibits all the usual chatter during the login ++# sequence. If a full pathname, then hushed mode will be enabled if the ++# user's name or shell are found in the file. If not a full pathname, then ++# hushed mode will be enabled if the file exists in the user's home directory. ++# ++HUSHLOGIN_FILE .hushlogin ++#HUSHLOGIN_FILE /etc/hushlogins ++ ++# ++# *REQUIRED* The default PATH settings, for superuser and normal users. ++# ++# (they are minimal, add the rest in the shell startup files) ++ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin ++ENV_PATH PATH=/bin:/usr/bin ++ ++# ++# Terminal permissions ++# ++# TTYGROUP Login tty will be assigned this group ownership. ++# TTYPERM Login tty will be set to this permission. ++# ++# If you have a "write" program which is "setgid" to a special group ++# which owns the terminals, define TTYGROUP to the group number and ++# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign ++# TTYPERM to either 622 or 600. ++# ++TTYGROUP tty ++TTYPERM 0600 ++ ++# ++# Login configuration initializations: ++# ++# ERASECHAR Terminal ERASE character ('\010' = backspace). ++# KILLCHAR Terminal KILL character ('\025' = CTRL/U). ++# UMASK Default "umask" value. ++# ULIMIT Default "ulimit" value. ++# ++# The ERASECHAR and KILLCHAR are used only on System V machines. ++# The ULIMIT is used only if the system supports it. ++# (now it works with setrlimit too; ulimit is in 512-byte units) ++# ++# Prefix these values with "0" to get octal, "0x" to get hexadecimal. ++# ++ERASECHAR 0177 ++KILLCHAR 025 ++UMASK 022 ++#ULIMIT 2097152 ++ ++# ++# Max number of login retries if password is bad ++# ++LOGIN_RETRIES 5 ++ ++# ++# Max time in seconds for login ++# ++LOGIN_TIMEOUT 60 ++ ++# ++# Which fields may be changed by regular users using chfn - use ++# any combination of letters "frwh" (full name, room number, work ++# phone, home phone). If not defined, no changes are allowed. ++# For backward compatibility, "yes" = "rwh" and "no" = "frwh". ++# ++CHFN_RESTRICT rwh ++ ++# ++# Should login be allowed if we can't cd to the home directory? ++# Default in no. ++# ++DEFAULT_HOME yes ++ ++# ++# Enable setting of the umask group bits to be the same as owner bits ++# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is ++# the same as gid, and username is the same as the primary group name. ++# ++# This also enables userdel to remove user groups if no members exist. ++# ++USERGROUPS_ENAB yes ++ + +Added: puppet/deployment/shadow/manifests/init.pp +=================================================================== +--- puppet/deployment/shadow/manifests/init.pp (rev 0) ++++ puppet/deployment/shadow/manifests/init.pp 2011-01-20 18:21:17 UTC (rev 863) +@@ -0,0 +1,8 @@ ++class shadow { ++ file {"/etc/login.defs": ++ owner => 'root', ++ group => 'shadow', ++ mode => 640, ++ source => 'shadow/login.defs', ++ } ++} +-------------- next part -------------- +An HTML attachment was scrubbed... +URL: </pipermail/mageia-sysadm/attachments/20110120/a10cdbae/attachment-0001.html> +</PRE> + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="002304.html">[Mageia-sysadm] Puppet Report for rabbit.mageia.org +</A></li> + <LI>Next message: <A HREF="002306.html">[Mageia-sysadm] [864] enable shadow module +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#2305">[ date ]</a> + <a href="thread.html#2305">[ thread ]</a> + <a href="subject.html#2305">[ subject ]</a> + <a href="author.html#2305">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |