From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives
---
zarb-ml/mageia-sysadm/2010-November/000865.html | 199 ++++++++++++++++++++++++
1 file changed, 199 insertions(+)
create mode 100644 zarb-ml/mageia-sysadm/2010-November/000865.html
(limited to 'zarb-ml/mageia-sysadm/2010-November/000865.html')
diff --git a/zarb-ml/mageia-sysadm/2010-November/000865.html b/zarb-ml/mageia-sysadm/2010-November/000865.html
new file mode 100644
index 000000000..7d542e109
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000865.html
@@ -0,0 +1,199 @@
+ + + + [Mageia-sysadm] [436] move the ldap key from ssh logic to openssh module ( more logical ), and add the hook in openssh config file + + + + + + + + + +

[Mageia-sysadm] [436] move the ldap key from ssh logic to openssh module ( more logical ), and add the hook in openssh config file

+ root at mageia.org + root at mageia.org +
+ Wed Nov 24 00:17:47 CET 2010 +

+
+ +
Revision: 436
+Author:   misc
+Date:     2010-11-24 00:17:47 +0100 (Wed, 24 Nov 2010)
+Log Message:
+-----------
+move the ldap key from ssh logic to openssh module ( more logical ), and add the hook in openssh config file
+
+Modified Paths:
+--------------
+    puppet/modules/openssh/manifests/init.pp
+    puppet/modules/openssh/templates/sshd_config
+    puppet/modules/restrictshell/manifests/init.pp
+
+Modified: puppet/modules/openssh/manifests/init.pp
+===================================================================
+--- puppet/modules/openssh/manifests/init.pp	2010-11-23 23:17:46 UTC (rev 435)
++++ puppet/modules/openssh/manifests/init.pp	2010-11-23 23:17:47 UTC (rev 436)
+@@ -22,4 +22,43 @@
+         require => Package["openssh-server"],
+         content => template("openssh/sshd_config")
+     }
++
++ 
++    class ssh_keys_from_ldap {
++
++        package { 'python-ldap':
++            ensure => installed,
++        }
++
++        $pubkeys_directory = "/var/lib/pubkeys"
++        file { $pubkeys_directory:
++            ensure => directory,
++            owner => root,
++            group => root,
++            mode => 755,
++        #    before => Class["openssh"] 
++        }
++
++        file { "$pubkeys_directory/root":
++            ensure => directory,
++            owner => root,
++            group => root,
++            mode => 700,
++        }
++
++        file { "$pubkeys_directory/root/authorized_keys":
++            ensure => "/root/.ssh/authorized_keys",
++            mode => 700,
++        }
++
++        $ldap_pwfile = "/etc/ldap.secret"
++        file { '/usr/local/bin/ldap-sshkey2file.py':
++            ensure => present,
++            owner => root,
++            group => root,
++            mode => 755,
++            content => template("restrictshell/ldap-sshkey2file.py"),
++            require => Package['python-ldap']
++        }
++    } 
+ }
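Review bot: In the archived r436 hunk for `openssh/manifests/init.pp`, the root `authorized_keys` resource is declared with `mode => 700` and no `owner`/`group`, unlike the two directory resources above it in `ssh_keys_from_ldap`. A key file needs no execute bit, and because `ensure => "/root/.ssh/authorized_keys"` makes the resource a link, the intent is clearer stated explicitly, e.g. `owner => root, group => root, mode => 600,`, or with `mode` dropped if only the link is managed. The script resource still loads `template("restrictshell/ldap-sshkey2file.py")`, so the openssh module keeps depending on the restrictshell module after the move; moving the template along would complete it. `$ldap_pwfile` names `/etc/ldap.secret`, but nothing visible here manages that file's owner or mode, which is worth confirming elsewhere in the manifests. The enclosing `class openssh` starts outside the hunk.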
+
+Modified: puppet/modules/openssh/templates/sshd_config
+===================================================================
+--- puppet/modules/openssh/templates/sshd_config	2010-11-23 23:17:46 UTC (rev 435)
++++ puppet/modules/openssh/templates/sshd_config	2010-11-23 23:17:47 UTC (rev 436)
+@@ -45,6 +45,11 @@
+ #PubkeyAuthentication yes
+ #AuthorizedKeysFile	.ssh/authorized_keys
+ 
++<% if all_tags.include?('openssh::ssh_keys_from_ldap')  %>
++AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
++<% end %>
++
++
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
+ # similar for protocol version 2
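Review bot: The added `AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys` does not match the directory the manifest in this same revision manages, `$pubkeys_directory = "/var/lib/pubkeys"`. On a node carrying the `openssh::ssh_keys_from_ldap` tag, sshd would look for keys under a path that nothing visible here creates or owns, so key logins (root's included) could fail, or keys could be read from a directory whose ownership Puppet does not enforce. The line should read `AuthorizedKeysFile /var/lib/pubkeys/%u/authorized_keys`, or better take the path from the same variable as the manifest so the two cannot drift. `all_tags.include?` presumably sees only classes already evaluated when the template is rendered, so it is worth confirming the block is emitted regardless of include order.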
+
+Modified: puppet/modules/restrictshell/manifests/init.pp
+===================================================================
+--- puppet/modules/restrictshell/manifests/init.pp	2010-11-23 23:17:46 UTC (rev 435)
++++ puppet/modules/restrictshell/manifests/init.pp	2010-11-23 23:17:47 UTC (rev 436)
+@@ -23,44 +23,7 @@
+             content => template("restrictshell/membersh-conf.pl"),
+         }
+     }
+-    
+-    class ssh_keys_from_ldap {
+ 
+-        package { 'python-ldap':
+-            ensure => installed,
+-        }
+-
+-        $pubkeys_directory = "/var/lib/pubkeys"
+-        file { $pubkeys_directory:
+-            ensure => directory,
+-            owner => root,
+-            group => root,
+-            mode => 755,
+-        }
+-
+-        file { "$pubkeys_directory/root":
+-            ensure => directory,
+-            owner => root,
+-            group => root,
+-            mode => 700,
+-        }
+-
+-        file { "$pubkeys_directory/root/authorized_keys":
+-            ensure => "/root/.ssh/authorized_keys",
+-            mode => 700,
+-        }
+-
+-        $ldap_pwfile = "/etc/ldap.secret"
+-        file { '/usr/local/bin/ldap-sshkey2file.py':
+-            ensure => present,
+-            owner => root,
+-            group => root,
+-            mode => 755,
+-            content => template("restrictshell/ldap-sshkey2file.py"),
+-            requires => Package['python-ldap']
+-        } 
+-    }
+-
+     define allow {
+         include shell
+         file { "/etc/membersh-conf.d/allow_$name.pl":
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20101124/2bf5a314/attachment-0001.html>
+
+ + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1