From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives
---
zarb-ml/mageia-sysadm/2010-November/000570.html | 265 ++++++++++++++++++++++++
1 file changed, 265 insertions(+)
create mode 100644 zarb-ml/mageia-sysadm/2010-November/000570.html
(limited to 'zarb-ml/mageia-sysadm/2010-November/000570.html')
diff --git a/zarb-ml/mageia-sysadm/2010-November/000570.html b/zarb-ml/mageia-sysadm/2010-November/000570.html
new file mode 100644
index 000000000..8a0f81108
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000570.html
@@ -0,0 +1,265 @@
+ + + + [Mageia-sysadm] [265] - add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too ) + + + + + + + + + +

[Mageia-sysadm] [265] - add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too )

+ root at mageia.org + root at mageia.org +
+ Wed Nov 17 16:35:10 CET 2010 +

+
+ +
Revision: 265
+Author:   misc
+Date:     2010-11-17 16:35:10 +0100 (Wed, 17 Nov 2010)
+Log Message:
+-----------
+- add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too )
+
+Modified Paths:
+--------------
+    puppet/modules/apache/templates/vhost_catalyst_app.conf
+    puppet/modules/apache/templates/vhost_django_app.conf
+    puppet/modules/buildsystem/manifests/init.pp
+    puppet/modules/postfix/manifests/init.pp
+    puppet/modules/transifex/manifests/init.pp
+
+Added Paths:
+-----------
+    puppet/modules/pam/
+    puppet/modules/pam/manifests/
+    puppet/modules/pam/manifests/init.pp
+    puppet/modules/pam/templates/
+    puppet/modules/pam/templates/system-auth
+
+Modified: puppet/modules/apache/templates/vhost_catalyst_app.conf
+===================================================================
+--- puppet/modules/apache/templates/vhost_catalyst_app.conf	2010-11-17 15:13:07 UTC (rev 264)
++++ puppet/modules/apache/templates/vhost_catalyst_app.conf	2010-11-17 15:35:10 UTC (rev 265)
+@@ -15,6 +15,8 @@
+         ServerName <%= name %>
+         # Serve static content directly
+         DocumentRoot  /dev/null
++# header 
++
+ <% if location then %>
+         Alias /static <%= location %>/root/static
+ <% end %>
+
+Modified: puppet/modules/apache/templates/vhost_django_app.conf
+===================================================================
+--- puppet/modules/apache/templates/vhost_django_app.conf	2010-11-17 15:13:07 UTC (rev 264)
++++ puppet/modules/apache/templates/vhost_django_app.conf	2010-11-17 15:35:10 UTC (rev 265)
+@@ -4,7 +4,7 @@
+         DocumentRoot  /dev/null
+ 
+         WSGIScriptAlias / /usr/local/lib/wsgi/<%= name %>.wsgi
+-
++#footer
+         <Location />
+             Allow from all
+         </Location>
+
+Modified: puppet/modules/buildsystem/manifests/init.pp
+===================================================================
+--- puppet/modules/buildsystem/manifests/init.pp	2010-11-17 15:13:07 UTC (rev 264)
++++ puppet/modules/buildsystem/manifests/init.pp	2010-11-17 15:35:10 UTC (rev 265)
+@@ -4,6 +4,22 @@
+         include iurt
+     }
+ 
++    class scheduler {
++        # ulri        
++    }
++
++    class dispatcher {
++        # emi
++    }
++    
++    class repsys {
++        package { 'repsys':
++
++        }
++
++
++    }
++
+     class iurt {
+         include sudo
+ 
+
+Added: puppet/modules/pam/manifests/init.pp
+===================================================================
+--- puppet/modules/pam/manifests/init.pp	                        (rev 0)
++++ puppet/modules/pam/manifests/init.pp	2010-11-17 15:35:10 UTC (rev 265)
+@@ -0,0 +1,27 @@
++class pam {
++
++  package { ["pam_ldap","nss_ldap", "pam_mkhomedir"]:
++    ensure => installed,  
++  }
++
++
++  file { "system-auth":
++     path => "/etc/pam.d/system-auth",
++     owner => root,
++     group => root,
++     mode => 644,
++     content => template("openldap/system-auth")
++  }
++  
++  # for server where only admin can connect
++  class admin_access {
++    $access_class = "admin"
++    file { "system-auth": }
++  }
++
++  # for server where people can connect with ssh ( git, svn )
++  class commiters_access {
++    $access_class = "commiters"
++    file { "system-auth": }
++  }
++}
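Review bot: `content => template("openldap/system-auth")` in the `file { "system-auth": }` resource points at the openldap module, while this revision adds the template as `puppet/modules/pam/templates/system-auth`; unless an openldap copy exists outside this patch, the line should be `content => template("pam/system-auth")`. The nested `admin_access` and `commiters_access` classes each declare `file { "system-auth": }` a second time, which looks like a duplicate resource declaration rather than an override. The `$access_class` they set is probably not in scope when the parent class renders the template, so the group restriction may never be selected. The usual shape would be `class admin_access inherits pam` with an override of the form `File["system-auth"] { content => template("pam/system-auth") }`, to be confirmed against the Puppet version in use. Because this file controls every login on the host, a comment on the resource saying which class is expected on which kind of server would help the next reviewer.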
+
+Added: puppet/modules/pam/templates/system-auth
+===================================================================
+--- puppet/modules/pam/templates/system-auth	                        (rev 0)
++++ puppet/modules/pam/templates/system-auth	2010-11-17 15:35:10 UTC (rev 265)
+@@ -0,0 +1,35 @@
++auth    required    pam_env.so
++# this part is here if the module don't exist
++# basically, the idea is to copy the exact detail of sufficient,
++# and add abort=ignore
++auth    [abort=ignore success=done new_authtok_reqd=done default=ignore]  pam_tcb.so shadow fork nullok prefix=$2a$ count=8
++auth    sufficient   pam_unix.so likeauth nullok
++auth    sufficient   pam_ldap.so use_first_pass
++<% if access_class = 'admin' %>
++auth    required     pam_wheel.so group=mga-sysadmin
++<% end %>
++<% if access_class = 'commiters' %>
++auth    required     pam_wheel.so group=mga-commiters
++<% end %>
++auth    required     pam_deny.so
++
++
++account sufficient  pam_localuser.so
++account sufficient  pam_ldap.so
++account required    pam_deny.so
++
++
++password    required    pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0  ucredit=0 ucredit=0
++# TODO check this part too
++password    sufficient  pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore
++password    sufficient  pam_ldap.so use_authtok
++password    sufficient  pam_unix.so use_authtok nullok md5 shadow
++password    required    pam_deny.so
++
++session optional    pam_keyinit.so revoke
++# optional if there is a problem when creating the account
++session optional    pam_mkhomedir.so
++session required    pam_limits.so
++session required    pam_unix.so
++session optional    pam_ldap.so
++
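Review bot: The two ERB guards around the `pam_wheel.so` lines use `=` instead of `==`, so `access_class` is assigned rather than compared and both group lines are rendered on every host; they should read `<% if access_class == 'admin' %>` and `<% if access_class == 'commiters' %>`. Even with that fixed, the group check sits after the `pam_tcb.so` line with `success=done` and the `auth sufficient` lines for `pam_unix.so` and `pam_ldap.so`, each of which ends the auth stack on success, so the restriction is only reached once authentication has already failed; it needs to come before those lines or move to the `account` stack. In the `pam_cracklib.so` line the trailing `dcredit=0  ucredit=0 ucredit=0` appears to override the earlier `-1` values (assuming the last occurrence of an option wins), which would drop the digit and uppercase requirements. `nullok` on the auth lines and `md5` on the `pam_unix.so` password line permit empty passwords and a weak hash, and each should either be removed or carry a comment stating why it is kept.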
+
+Modified: puppet/modules/postfix/manifests/init.pp
+===================================================================
+--- puppet/modules/postfix/manifests/init.pp	2010-11-17 15:13:07 UTC (rev 264)
++++ puppet/modules/postfix/manifests/init.pp	2010-11-17 15:35:10 UTC (rev 265)
+@@ -4,7 +4,7 @@
+         package { postfix:
+             ensure => installed
+         }
+-	package { 'nail':
++    	package { 'nail':
+                 ensure => installed
+         }
+         service { postfix:
+@@ -30,4 +30,17 @@
+             content => template("postfix/simple_relay_main.cf"),
+         }
+     }
++
++    class primary_smtp inherits base {
++        file { '/etc/postfix/main.cf':
++            content => template("postfix/primary_main.cf"),
++        }
++    }
++
++    class secondary_smtp inherits base {
++        file { '/etc/postfix/main.cf':
++            content => template("postfix/secondary_main.cf"),
++        }
++    }
++
+ }
+
+Modified: puppet/modules/transifex/manifests/init.pp
+===================================================================
+--- puppet/modules/transifex/manifests/init.pp	2010-11-17 15:13:07 UTC (rev 264)
++++ puppet/modules/transifex/manifests/init.pp	2010-11-17 15:35:10 UTC (rev 265)
+@@ -12,4 +12,8 @@
+     mode => 755,
+     content => template("transifex/20-engines.conf")
+   }
++
++  apache::vhost_django_app { "transifex.$domain":
++    module => "transifex" 
++  }  
+ }
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20101117/15a9175d/attachment.html>
+
+ + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1