From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives
---
zarb-ml/mageia-sysadm/2011-January/002053.html | 156 +++++++++++++++++++++++++
1 file changed, 156 insertions(+)
create mode 100644 zarb-ml/mageia-sysadm/2011-January/002053.html
(limited to 'zarb-ml/mageia-sysadm/2011-January/002053.html')
diff --git a/zarb-ml/mageia-sysadm/2011-January/002053.html b/zarb-ml/mageia-sysadm/2011-January/002053.html
new file mode 100644
index 000000000..0d05b7710
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-January/002053.html
@@ -0,0 +1,156 @@
+ + + + [Mageia-sysadm] [779] allow to use multiple group for the access with pam + + + + + + + + + +

[Mageia-sysadm] [779] allow to use multiple group for the access with pam

+ root at mageia.org + root at mageia.org +
+ Thu Jan 13 19:12:31 CET 2011 +

+
+ +
Revision: 779
+Author:   misc
+Date:     2011-01-13 19:12:31 +0100 (Thu, 13 Jan 2011)
+Log Message:
+-----------
+allow to use multiple group for the access with pam
+
+Modified Paths:
+--------------
+    puppet/modules/pam/manifests/init.pp
+    puppet/modules/pam/templates/system-auth
+
+Modified: puppet/modules/pam/manifests/init.pp
+===================================================================
+--- puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:29 UTC (rev 778)
++++ puppet/modules/pam/manifests/init.pp	2011-01-13 18:12:31 UTC (rev 779)
+@@ -43,13 +43,20 @@
+          content => template("pam/ldap.conf")
+       }
+   } 
++
++  define multiple_ldap_access($access_classes) {
++    include base
++  }
+  
+-  # beware , this two classes are exclusive
++  # beware , this two classes are exclusives
++  # if you need multiple group access, you need to define you own class
++  # of access  
+  
+   # for server where only admins can connect
+   class admin_access {
+-    $access_class = "admin"
+-    include base
++    multiple_ldap_access { "admin_access":
++        access_classes => ['mga-sysadmin']
++    }
+   }
+ 
+   # for server where people can connect with ssh ( git, svn )
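Review bot: The new define `multiple_ldap_access` takes `$access_classes` but its body is only `include base`, so nothing in the define itself uses the parameter. The list presumably reaches `templates/system-auth` through scope lookup from the `base` class, which starts outside this hunk. Since a class is applied once per node, a second declaration with different groups would probably not change the rendered file, which the reworded comment only hints at. I would document that on the define, e.g. `# $access_classes: LDAP groups allowed to log in; read by the system-auth template via base, so declare this at most once per node`.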
+@@ -59,8 +66,11 @@
+     # user, and erase the password ( see pam_auth.c in openssh code, seek badpw )
+     # so the file must exist
+     # permission to use svn, git, etc must be added separatly
++     
+     include restrictshell::shell
+-    $access_class = "committers"
+-    include base
++
++    multiple_ldap_access { "committers_access":
++        access_classes => ['mga-commiters']
++    }
+   }
+ }
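Review bot: The group passed for committers is spelled `'mga-commiters'`, while the template line this commit removes tested `ingroup mga-committers`. Unless the LDAP group was renamed, no committer will match the generated `pam_succeed_if.so` rule, and every non-local login on these hosts falls through to `pam_deny.so`. The line should read `access_classes => ['mga-committers']`. The `admin_access` value `'mga-sysadmin'` in the previous hunk does match the old template. The enclosing class starts outside this hunk.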
+
+Modified: puppet/modules/pam/templates/system-auth
+===================================================================
+--- puppet/modules/pam/templates/system-auth	2011-01-13 18:12:29 UTC (rev 778)
++++ puppet/modules/pam/templates/system-auth	2011-01-13 18:12:31 UTC (rev 779)
+@@ -9,13 +9,13 @@
+ 
+ 
+ account sufficient  pam_localuser.so
+-<%- if access_class == 'admin' -%>
+-account required    pam_succeed_if.so quiet user ingroup mga-sysadmin
++# not sure if the following bring something useful
++account required  pam_ldap.so
++<%- if access_classes -%>
++<%- access_classes.each { |ldap_group| -%>
++account sufficient   pam_succeed_if.so quiet user ingroup <%= ldap_group %>
++<%- } -%>
+ <%- end -%>
+-<%- if access_class == 'committers' -%>
+-account required    pam_succeed_if.so quiet user ingroup mga-committers
+-<%- end -%>
+-account sufficient  pam_ldap.so
+ account required    pam_deny.so
+ 
+ 
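Review bot: The comment `# not sure if the following bring something useful` sits above a line that now gates access. As `required` and placed first, a `pam_ldap.so` account failure denies the login even when a group rule below matches; before this change it was `sufficient` and ran after the group test. The comment should state that intent, for example `# pam_ldap account checks must pass before any group rule below can grant access`. A second comment could note that an empty `access_classes` list emits no group rule, so non-local accounts reach `pam_deny.so` and the default is closed.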
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20110113/68ffbda3/attachment-0001.html>
+
+ + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1