From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives
---
zarb-ml/mageia-sysadm/2011-January/001828.html | 766 +++++++++++++++++++++++++
1 file changed, 766 insertions(+)
create mode 100644 zarb-ml/mageia-sysadm/2011-January/001828.html
(limited to 'zarb-ml/mageia-sysadm/2011-January/001828.html')
diff --git a/zarb-ml/mageia-sysadm/2011-January/001828.html b/zarb-ml/mageia-sysadm/2011-January/001828.html
new file mode 100644
index 000000000..fbaf2e0d5
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-January/001828.html
@@ -0,0 +1,766 @@
+
+
+
+ [Mageia-sysadm] [745] move ssh::auth module to external as this is a external module ( so we can more easily keep track of it )
+
+
+
+
+
+
+
+
+
+

[Mageia-sysadm] [745] move ssh::auth module to external as this is a external module ( so we can more easily keep track of it )

+ root at mageia.org + root at mageia.org +
+ Sun Jan 9 12:15:12 CET 2011 +

+
+ +
Revision: 745
+Author:   misc
+Date:     2011-01-09 12:15:12 +0100 (Sun, 09 Jan 2011)
+Log Message:
+-----------
+move ssh::auth module to external as this is a external module ( so we can more easily keep track of it )
+
+Added Paths:
+-----------
+    puppet/external/
+    puppet/external/ssh/
+    puppet/external/ssh/manifests/
+    puppet/external/ssh/manifests/auth.pp
+
+Removed Paths:
+-------------
+    puppet/modules/ssh/manifests/auth.pp
+
+Copied: puppet/external/ssh/manifests/auth.pp (from rev 744, puppet/modules/ssh/manifests/auth.pp)
+===================================================================
+--- puppet/external/ssh/manifests/auth.pp	                        (rev 0)
++++ puppet/external/ssh/manifests/auth.pp	2011-01-09 11:15:12 UTC (rev 745)
+@@ -0,0 +1,336 @@
++# =========                                                 
++# ssh::auth                                                 
++# =========                                                 
++#                                                           
++# The latest official release and documentation for ssh::auth can always
++# be found at http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth .
++#                                                                              
++# Version:          0.3.2                                                      
++# Release date:     2009-12-29                                                 
++
++class ssh::auth {
++
++$keymaster_storage = "/var/lib/keys" 
++
++Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" }
++Notify { withpath => false }                    
++
++
++##########################################################################
++
++
++# ssh::auth::key 
++
++# Declare keys.  The approach here is just to define a bunch of
++# virtual resources, representing key files on the keymaster, client,
++# and server.  The virtual keys are then realized by                 
++# ssh::auth::{keymaster,client,server}, respectively.  The reason for
++# doing things that way is that it makes ssh::auth::key into a "one  
++# stop shop" where users can declare their keys with all of their    
++# parameters, whether those parameters apply to the keymaster, server,
++# or client.  The real work of creating, installing, and removing keys
++# is done in the private definitions called by the virtual resources: 
++# ssh_auth_key_{master,server,client}.                                
++
++define key ($ensure = "present", $filename = "", $force = false, $group = "puppet", $home = "", $keytype = "rsa", $length = 2048, $maxdays = "", $mindate = "", $options = "", $user = "") {                                                                                                                                                    
++
++  ssh_auth_key_namecheck { "${title}-title": parm => "title", value => $title }
++
++  # apply defaults
++  $_filename = $filename ? { "" => "id_${keytype}", default => $filename }
++  $_length = $keytype ? { "rsa" => $length, "dsa" => 1024 }               
++  $_user = $user ? {                                                      
++    ""      => regsubst($title, '^([^@]*)@?.*$', '\1'),                   
++    default => $user,                                                     
++  }                                                                       
++  $_home = $home ? { "" => "/home/$_user",  default => $home }            
++
++  ssh_auth_key_namecheck { "${title}-filename": parm => "filename", value => $_filename }
++
++  @ssh_auth_key_master { $title:
++    ensure  => $ensure,         
++    force   => $force,          
++    keytype => $keytype,        
++    length  => $_length,        
++    maxdays => $maxdays,        
++    mindate => $mindate,        
++  }                             
++  @ssh_auth_key_client { $title:
++    ensure   => $ensure,        
++    filename => $_filename,     
++    group    => $group,         
++    home     => $_home,         
++    user     => $_user,         
++  }                             
++  @ssh_auth_key_server { $title:
++    ensure  => $ensure,         
++    group   => $group,          
++    home    => $_home,          
++    options => $options,        
++    user    => $_user,          
++  }                             
++}                               
++
++
++##########################################################################
++
++
++# ssh::auth::keymaster
++#                     
++# Keymaster host:     
++# Create key storage; create, regenerate, and remove key pairs
++
++class keymaster {
++
++  # Set up key storage
++
++  file { $ssh::auth::keymaster_storage:
++    ensure => directory,               
++    owner  => puppet,                  
++    group  => puppet,                  
++    mode   => 644,                     
++  }                                    
++                                       
++  # Realize all virtual master keys    
++  Ssh_auth_key_master <| |>            
++
++} # class keymaster
++
++
++##########################################################################
++
++
++# ssh::auth::client
++#                  
++# Install generated key pairs onto clients
++
++define client ($ensure = "", $filename = "", $group = "", $home = "", $user = "") {
++
++  # Realize the virtual client keys.
++  # Override the defaults set in ssh::auth::key, as needed.
++  if $ensure   { Ssh_auth_key_client <| title == $title |> { ensure   => $ensure   } }
++  if $filename { Ssh_auth_key_client <| title == $title |> { filename => $filename } }
++  if $group    { Ssh_auth_key_client <| title == $title |> { group    => $group    } }
++
++  if $user { Ssh_auth_key_client <| title == $title |> { user => $user, home => "/home/$user" } }
++  if $home { Ssh_auth_key_client <| title == $title |> { home => $home } }                       
++
++  realize Ssh_auth_key_client[$title]
++
++} # define client
++
++
++##########################################################################
++
++
++# ssh::auth::server
++#                  
++# Install public keys onto clients
++
++define server ($ensure = "", $group = "", $home = "", $options = "", $user = "") {
++
++  # Realize the virtual server keys.
++  # Override the defaults set in ssh::auth::key, as needed.
++  if $ensure  { Ssh_auth_key_server <| title == $title |> { ensure  => $ensure  } }
++  if $group   { Ssh_auth_key_server <| title == $title |> { group   => $group   } }
++  if $options { Ssh_auth_key_server <| title == $title |> { options => $options } }
++
++  if $user { Ssh_auth_key_server <| title == $title |> { user => $user, home => "/home/$user" } }
++  if $home { Ssh_auth_key_server <| title == $title |> { home => $home } }                       
++
++  realize Ssh_auth_key_server[$title]
++
++} # define server
++
++} # class ssh::auth
++
++
++##########################################################################
++
++
++# ssh_auth_key_master
++#                    
++# Create/regenerate/remove a key pair on the keymaster.
++# This definition is private, i.e. it is not intended to be called directly by users.
++# ssh::auth::key calls it to create virtual keys, which are realized in ssh::auth::keymaster.
++
++define ssh_auth_key_master ($ensure, $force, $keytype, $length, $maxdays, $mindate) {
++
++  Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" }
++  File {                                          
++    owner => puppet,                              
++    group => puppet,                              
++    mode  => 600,                                 
++  }                                               
++
++  $keydir = "${ssh::auth::keymaster_storage}/${title}"
++  $keyfile = "${keydir}/key"                          
++
++  file { 
++    "$keydir":
++      ensure => directory,
++      mode   => 644;      
++    "$keyfile":           
++      ensure => $ensure;  
++    "${keyfile}.pub":     
++      ensure => $ensure,  
++      mode   => 644;      
++  }                       
++
++  if $ensure == "present" {
++
++    # Remove the existing key pair, if
++    # * $force is true, or            
++    # * $maxdays or $mindate criteria aren't met, or
++    # * $keytype or $length have changed            
++
++    $keycontent = file("${keyfile}.pub", "/dev/null")
++    if $keycontent {                                 
++
++      if $force {
++        $reason = "force=true"
++      }                       
++      if !$reason and $mindate and generate("/usr/bin/find", $keyfile, "!", "-newermt", "${mindate}") {
++        $reason = "created before ${mindate}"                                                          
++      }                                                                                                
++      if !$reason and $maxdays and generate("/usr/bin/find", $keyfile, "-mtime", "+${maxdays}") {      
++        $reason = "older than ${maxdays} days"                                                         
++      }                                                                                                
++      if !$reason and $keycontent =~ /^ssh-... [^ ]+ (...) (\d+)$/ {                                   
++        if       $keytype != $1 { $reason = "keytype changed: $1 -> $keytype" }                        
++        else { if $length != $2 { $reason = "length changed: $2 -> $length" } }                        
++      }                                                                                                
++      if $reason {                                                                                     
++        exec { "Revoke previous key ${title}: ${reason}":                                              
++          command => "rm $keyfile ${keyfile}.pub",                                                     
++          before  => Exec["Create key $title: $keytype, $length bits"],                                
++        }                                                                                              
++      }                                                                                                
++    }                                                                                                  
++
++    # Create the key pair.
++    # We "repurpose" the comment field in public keys on the keymaster to
++    # store data about the key, i.e. $keytype and $length.  This avoids  
++    # having to rerun ssh-keygen -l on every key at every run to determine
++    # the key length.                                                     
++    exec { "Create key $title: $keytype, $length bits":                   
++      command => "ssh-keygen -t ${keytype} -b ${length} -f ${keyfile} -C \"${keytype} ${length}\" -N \"\"",
++      user    => "puppet",                                                                                 
++      group   => "puppet",                                                                                 
++      creates => $keyfile,                                                                                 
++      require => File[$keydir],                                                                            
++      before  => File[$keyfile, "${keyfile}.pub"],                                                         
++    }                                                                                                      
++
++  } # if $ensure  == "present"
++
++} # define ssh_auth_key_master
++
++
++##########################################################################
++
++
++# ssh_auth_key_client
++#                    
++# Install a key pair into a user's account.
++# This definition is private, i.e. it is not intended to be called directly by users.
++
++define ssh_auth_key_client ($ensure, $filename, $group, $home, $user) {
++
++  File {
++    owner   => $user,
++    group   => $group,
++    mode    => 600,   
++    require => [ User[$user], File[$home]],
++  }                                                    
++
++  $key_src_file = "${ssh::auth::keymaster_storage}/${title}/key" # on the keymaster
++  $key_tgt_file = "${home}/.ssh/${filename}" # on the client                       
++
++  $key_src_content_pub = file("${key_src_file}.pub", "/dev/null")
++  if $ensure == "absent" or $key_src_content_pub =~ /^(ssh-...) ([^ ]+)/ {
++    $keytype = $1                                                         
++    $modulus = $2                                                         
++    file {                                                                
++      $key_tgt_file:                                                      
++        ensure  => $ensure,                                               
++        content => file($key_src_file, "/dev/null");                      
++      "${key_tgt_file}.pub":                                              
++        ensure  => $ensure,                                               
++        content => "$keytype $modulus $title\n",                          
++        mode    => 644;                                                   
++    }                                                                     
++  } else {                                                                
++    notify { "Private key file $key_src_file for key $title not found on keymaster; skipping ensure => present": }
++  }                                                                                                               
++
++} # define ssh_auth_key_client
++
++
++##########################################################################
++
++
++# ssh_auth_key_server
++#                    
++# Install a public key into a server user's authorized_keys(5) file.
++# This definition is private, i.e. it is not intended to be called directly by users.
++
++define ssh_auth_key_server ($ensure, $group, $home, $options, $user) {
++
++  # on the keymaster:
++  $key_src_dir = "${ssh::auth::keymaster_storage}/${title}"
++  $key_src_file = "${key_src_dir}/key.pub"                 
++  # on the server:                                         
++  $key_tgt_file = "${home}/.ssh/authorized_keys"           
++                                                           
++  File {                                                   
++    owner   => $user,                                      
++    group   => $group,                                     
++    require => User[$user],                                
++    mode    => 600,                                        
++  }                                                        
++  Ssh_authorized_key {                                     
++    user   => $user,                                       
++    target => $key_tgt_file,                               
++  }                                                        
++
++  if $ensure == "absent" {
++    ssh_authorized_key { $title: ensure => "absent" }
++  }                                                  
++  else {
++    $key_src_content = file($key_src_file, "/dev/null")
++    if ! $key_src_content {
++      notify { "Public key file $key_src_file for key $title not found on keymaster; skipping ensure => present": }
++    } else { if $ensure == "present" and $key_src_content !~ /^(ssh-...) ([^ ]*)/ {
++      err("Can't parse public key file $key_src_file")
++      notify { "Can't parse public key file $key_src_file for key $title on the keymaster: skipping ensure => $ensure": }
++    } else {
++      $keytype = $1
++      $modulus = $2
++      ssh_authorized_key { $title:
++        ensure  => "present",
++        type    => $keytype,
++        key     => $modulus,
++        options => $options ? { "" => undef, default => $options },
++      }
++    }} # if ... else ... else
++  } # if ... else
++
++} # define ssh_auth_key_server
++
++
++##########################################################################
++
++
++# ssh_auth_key_namecheck
++#
++# Check a name (e.g. key title or filename) for the allowed form
++
++define ssh_auth_key_namecheck ($parm, $value) {
++  if $value !~ /^[A-Za-z0-9]/ {
++    fail("ssh::auth::key: $parm '$value' not allowed: must begin with a letter or digit")
++  }
++  if $value !~ /^[A-Za-z0-9_.:@-]+$/ {
++    fail("ssh::auth::key: $parm '$value' not allowed: may only contain the characters A-Za-z0-9_.:@-")
++  }
++} # define namecheck
+
+Deleted: puppet/modules/ssh/manifests/auth.pp
+===================================================================
+--- puppet/modules/ssh/manifests/auth.pp	2011-01-09 11:15:11 UTC (rev 744)
++++ puppet/modules/ssh/manifests/auth.pp	2011-01-09 11:15:12 UTC (rev 745)
+@@ -1,336 +0,0 @@
+-# =========                                                 
+-# ssh::auth                                                 
+-# =========                                                 
+-#                                                           
+-# The latest official release and documentation for ssh::auth can always
+-# be found at http://reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth .
+-#                                                                              
+-# Version:          0.3.2                                                      
+-# Release date:     2009-12-29                                                 
+-
+-class ssh::auth {
+-
+-$keymaster_storage = "/var/lib/keys" 
+-
+-Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" }
+-Notify { withpath => false }                    
+-
+-
+-##########################################################################
+-
+-
+-# ssh::auth::key 
+-
+-# Declare keys.  The approach here is just to define a bunch of
+-# virtual resources, representing key files on the keymaster, client,
+-# and server.  The virtual keys are then realized by                 
+-# ssh::auth::{keymaster,client,server}, respectively.  The reason for
+-# doing things that way is that it makes ssh::auth::key into a "one  
+-# stop shop" where users can declare their keys with all of their    
+-# parameters, whether those parameters apply to the keymaster, server,
+-# or client.  The real work of creating, installing, and removing keys
+-# is done in the private definitions called by the virtual resources: 
+-# ssh_auth_key_{master,server,client}.                                
+-
+-define key ($ensure = "present", $filename = "", $force = false, $group = "puppet", $home = "", $keytype = "rsa", $length = 2048, $maxdays = "", $mindate = "", $options = "", $user = "") {                                                                                                                                                    
+-
+-  ssh_auth_key_namecheck { "${title}-title": parm => "title", value => $title }
+-
+-  # apply defaults
+-  $_filename = $filename ? { "" => "id_${keytype}", default => $filename }
+-  $_length = $keytype ? { "rsa" => $length, "dsa" => 1024 }               
+-  $_user = $user ? {                                                      
+-    ""      => regsubst($title, '^([^@]*)@?.*$', '\1'),                   
+-    default => $user,                                                     
+-  }                                                                       
+-  $_home = $home ? { "" => "/home/$_user",  default => $home }            
+-
+-  ssh_auth_key_namecheck { "${title}-filename": parm => "filename", value => $_filename }
+-
+-  @ssh_auth_key_master { $title:
+-    ensure  => $ensure,         
+-    force   => $force,          
+-    keytype => $keytype,        
+-    length  => $_length,        
+-    maxdays => $maxdays,        
+-    mindate => $mindate,        
+-  }                             
+-  @ssh_auth_key_client { $title:
+-    ensure   => $ensure,        
+-    filename => $_filename,     
+-    group    => $group,         
+-    home     => $_home,         
+-    user     => $_user,         
+-  }                             
+-  @ssh_auth_key_server { $title:
+-    ensure  => $ensure,         
+-    group   => $group,          
+-    home    => $_home,          
+-    options => $options,        
+-    user    => $_user,          
+-  }                             
+-}                               
+-
+-
+-##########################################################################
+-
+-
+-# ssh::auth::keymaster
+-#                     
+-# Keymaster host:     
+-# Create key storage; create, regenerate, and remove key pairs
+-
+-class keymaster {
+-
+-  # Set up key storage
+-
+-  file { $ssh::auth::keymaster_storage:
+-    ensure => directory,               
+-    owner  => puppet,                  
+-    group  => puppet,                  
+-    mode   => 644,                     
+-  }                                    
+-                                       
+-  # Realize all virtual master keys    
+-  Ssh_auth_key_master <| |>            
+-
+-} # class keymaster
+-
+-
+-##########################################################################
+-
+-
+-# ssh::auth::client
+-#                  
+-# Install generated key pairs onto clients
+-
+-define client ($ensure = "", $filename = "", $group = "", $home = "", $user = "") {
+-
+-  # Realize the virtual client keys.
+-  # Override the defaults set in ssh::auth::key, as needed.
+-  if $ensure   { Ssh_auth_key_client <| title == $title |> { ensure   => $ensure   } }
+-  if $filename { Ssh_auth_key_client <| title == $title |> { filename => $filename } }
+-  if $group    { Ssh_auth_key_client <| title == $title |> { group    => $group    } }
+-
+-  if $user { Ssh_auth_key_client <| title == $title |> { user => $user, home => "/home/$user" } }
+-  if $home { Ssh_auth_key_client <| title == $title |> { home => $home } }                       
+-
+-  realize Ssh_auth_key_client[$title]
+-
+-} # define client
+-
+-
+-##########################################################################
+-
+-
+-# ssh::auth::server
+-#                  
+-# Install public keys onto clients
+-
+-define server ($ensure = "", $group = "", $home = "", $options = "", $user = "") {
+-
+-  # Realize the virtual server keys.
+-  # Override the defaults set in ssh::auth::key, as needed.
+-  if $ensure  { Ssh_auth_key_server <| title == $title |> { ensure  => $ensure  } }
+-  if $group   { Ssh_auth_key_server <| title == $title |> { group   => $group   } }
+-  if $options { Ssh_auth_key_server <| title == $title |> { options => $options } }
+-
+-  if $user { Ssh_auth_key_server <| title == $title |> { user => $user, home => "/home/$user" } }
+-  if $home { Ssh_auth_key_server <| title == $title |> { home => $home } }                       
+-
+-  realize Ssh_auth_key_server[$title]
+-
+-} # define server
+-
+-} # class ssh::auth
+-
+-
+-##########################################################################
+-
+-
+-# ssh_auth_key_master
+-#                    
+-# Create/regenerate/remove a key pair on the keymaster.
+-# This definition is private, i.e. it is not intended to be called directly by users.
+-# ssh::auth::key calls it to create virtual keys, which are realized in ssh::auth::keymaster.
+-
+-define ssh_auth_key_master ($ensure, $force, $keytype, $length, $maxdays, $mindate) {
+-
+-  Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" }
+-  File {                                          
+-    owner => puppet,                              
+-    group => puppet,                              
+-    mode  => 600,                                 
+-  }                                               
+-
+-  $keydir = "${ssh::auth::keymaster_storage}/${title}"
+-  $keyfile = "${keydir}/key"                          
+-
+-  file { 
+-    "$keydir":
+-      ensure => directory,
+-      mode   => 644;      
+-    "$keyfile":           
+-      ensure => $ensure;  
+-    "${keyfile}.pub":     
+-      ensure => $ensure,  
+-      mode   => 644;      
+-  }                       
+-
+-  if $ensure == "present" {
+-
+-    # Remove the existing key pair, if
+-    # * $force is true, or            
+-    # * $maxdays or $mindate criteria aren't met, or
+-    # * $keytype or $length have changed            
+-
+-    $keycontent = file("${keyfile}.pub", "/dev/null")
+-    if $keycontent {                                 
+-
+-      if $force {
+-        $reason = "force=true"
+-      }                       
+-      if !$reason and $mindate and generate("/usr/bin/find", $keyfile, "!", "-newermt", "${mindate}") {
+-        $reason = "created before ${mindate}"                                                          
+-      }                                                                                                
+-      if !$reason and $maxdays and generate("/usr/bin/find", $keyfile, "-mtime", "+${maxdays}") {      
+-        $reason = "older than ${maxdays} days"                                                         
+-      }                                                                                                
+-      if !$reason and $keycontent =~ /^ssh-... [^ ]+ (...) (\d+)$/ {                                   
+-        if       $keytype != $1 { $reason = "keytype changed: $1 -> $keytype" }                        
+-        else { if $length != $2 { $reason = "length changed: $2 -> $length" } }                        
+-      }                                                                                                
+-      if $reason {                                                                                     
+-        exec { "Revoke previous key ${title}: ${reason}":                                              
+-          command => "rm $keyfile ${keyfile}.pub",                                                     
+-          before  => Exec["Create key $title: $keytype, $length bits"],                                
+-        }                                                                                              
+-      }                                                                                                
+-    }                                                                                                  
+-
+-    # Create the key pair.
+-    # We "repurpose" the comment field in public keys on the keymaster to
+-    # store data about the key, i.e. $keytype and $length.  This avoids  
+-    # having to rerun ssh-keygen -l on every key at every run to determine
+-    # the key length.                                                     
+-    exec { "Create key $title: $keytype, $length bits":                   
+-      command => "ssh-keygen -t ${keytype} -b ${length} -f ${keyfile} -C \"${keytype} ${length}\" -N \"\"",
+-      user    => "puppet",                                                                                 
+-      group   => "puppet",                                                                                 
+-      creates => $keyfile,                                                                                 
+-      require => File[$keydir],                                                                            
+-      before  => File[$keyfile, "${keyfile}.pub"],                                                         
+-    }                                                                                                      
+-
+-  } # if $ensure  == "present"
+-
+-} # define ssh_auth_key_master
+-
+-
+-##########################################################################
+-
+-
+-# ssh_auth_key_client
+-#                    
+-# Install a key pair into a user's account.
+-# This definition is private, i.e. it is not intended to be called directly by users.
+-
+-define ssh_auth_key_client ($ensure, $filename, $group, $home, $user) {
+-
+-  File {
+-    owner   => $user,
+-    group   => $group,
+-    mode    => 600,   
+-    require => [ User[$user], File[$home]],
+-  }                                                    
+-
+-  $key_src_file = "${ssh::auth::keymaster_storage}/${title}/key" # on the keymaster
+-  $key_tgt_file = "${home}/.ssh/${filename}" # on the client                       
+-
+-  $key_src_content_pub = file("${key_src_file}.pub", "/dev/null")
+-  if $ensure == "absent" or $key_src_content_pub =~ /^(ssh-...) ([^ ]+)/ {
+-    $keytype = $1                                                         
+-    $modulus = $2                                                         
+-    file {                                                                
+-      $key_tgt_file:                                                      
+-        ensure  => $ensure,                                               
+-        content => file($key_src_file, "/dev/null");                      
+-      "${key_tgt_file}.pub":                                              
+-        ensure  => $ensure,                                               
+-        content => "$keytype $modulus $title\n",                          
+-        mode    => 644;                                                   
+-    }                                                                     
+-  } else {                                                                
+-    notify { "Private key file $key_src_file for key $title not found on keymaster; skipping ensure => present": }
+-  }                                                                                                               
+-
+-} # define ssh_auth_key_client
+-
+-
+-##########################################################################
+-
+-
+-# ssh_auth_key_server
+-#                    
+-# Install a public key into a server user's authorized_keys(5) file.
+-# This definition is private, i.e. it is not intended to be called directly by users.
+-
+-define ssh_auth_key_server ($ensure, $group, $home, $options, $user) {
+-
+-  # on the keymaster:
+-  $key_src_dir = "${ssh::auth::keymaster_storage}/${title}"
+-  $key_src_file = "${key_src_dir}/key.pub"                 
+-  # on the server:                                         
+-  $key_tgt_file = "${home}/.ssh/authorized_keys"           
+-                                                           
+-  File {                                                   
+-    owner   => $user,                                      
+-    group   => $group,                                     
+-    require => User[$user],                                
+-    mode    => 600,                                        
+-  }                                                        
+-  Ssh_authorized_key {                                     
+-    user   => $user,                                       
+-    target => $key_tgt_file,                               
+-  }                                                        
+-
+-  if $ensure == "absent" {
+-    ssh_authorized_key { $title: ensure => "absent" }
+-  }                                                  
+-  else {
+-    $key_src_content = file($key_src_file, "/dev/null")
+-    if ! $key_src_content {
+-      notify { "Public key file $key_src_file for key $title not found on keymaster; skipping ensure => present": }
+-    } else { if $ensure == "present" and $key_src_content !~ /^(ssh-...) ([^ ]*)/ {
+-      err("Can't parse public key file $key_src_file")
+-      notify { "Can't parse public key file $key_src_file for key $title on the keymaster: skipping ensure => $ensure": }
+-    } else {
+-      $keytype = $1
+-      $modulus = $2
+-      ssh_authorized_key { $title:
+-        ensure  => "present",
+-        type    => $keytype,
+-        key     => $modulus,
+-        options => $options ? { "" => undef, default => $options },
+-      }
+-    }} # if ... else ... else
+-  } # if ... else
+-
+-} # define ssh_auth_key_server
+-
+-
+-##########################################################################
+-
+-
+-# ssh_auth_key_namecheck
+-#
+-# Check a name (e.g. key title or filename) for the allowed form
+-
+-define ssh_auth_key_namecheck ($parm, $value) {
+-  if $value !~ /^[A-Za-z0-9]/ {
+-    fail("ssh::auth::key: $parm '$value' not allowed: must begin with a letter or digit")
+-  }
+-  if $value !~ /^[A-Za-z0-9_.:@-]+$/ {
+-    fail("ssh::auth::key: $parm '$value' not allowed: may only contain the characters A-Za-z0-9_.:@-")
+-  }
+-} # define namecheck
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20110109/99b92635/attachment-0001.html>
+
+ + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1
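Review bot: The archived manifest validates only the key title and filename through `ssh_auth_key_namecheck`, yet `ssh_auth_key_master` interpolates `$keytype` and `$length` unchecked into the `ssh-keygen` command string, and the selector `$keytype ? { "rsa" => $length, "dsa" => 1024 }` has no default branch. A guard at the top of `ssh::auth::key`, such as `if $keytype !~ /^(rsa|dsa)$/ { fail("ssh::auth::key: keytype '$keytype' not allowed") }` together with a digits-only check on `$length`, would cover both. In `ssh_auth_key_client`, `content => file($key_src_file, "/dev/null")` places the private key (generated with an empty passphrase via `-N ""`) in the client's compiled catalog, so that line deserves a comment like `# private key travels in the catalog; restrict access to catalog caches and stored configs`. The same text appears again under "Deleted:" because revision 745 only moves the file, so any change belongs in the external module upstream rather than in this archive page.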