[Mageia-sysadm] [436] move the ldap key from ssh logic to openssh module ( more logical ), and add the hook in openssh config file
root at mageia.org
root at mageia.org
Wed Nov 24 00:17:47 CET 2010
Revision: 436
Author: misc
Date: 2010-11-24 00:17:47 +0100 (Wed, 24 Nov 2010)
Log Message:
-----------
move the ldap key from ssh logic to openssh module ( more logical ), and add the hook in openssh config file
Modified Paths:
--------------
puppet/modules/openssh/manifests/init.pp
puppet/modules/openssh/templates/sshd_config
puppet/modules/restrictshell/manifests/init.pp
Modified: puppet/modules/openssh/manifests/init.pp
===================================================================
--- puppet/modules/openssh/manifests/init.pp 2010-11-23 23:17:46 UTC (rev 435)
+++ puppet/modules/openssh/manifests/init.pp 2010-11-23 23:17:47 UTC (rev 436)
@@ -22,4 +22,43 @@
require => Package["openssh-server"],
content => template("openssh/sshd_config")
}
+
+
+ class ssh_keys_from_ldap {
+
+ package { 'python-ldap':
+ ensure => installed,
+ }
+
+ $pubkeys_directory = "/var/lib/pubkeys"
+ file { $pubkeys_directory:
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ # before => Class["openssh"]
+ }
+
+ file { "$pubkeys_directory/root":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 700,
+ }
+
+ file { "$pubkeys_directory/root/authorized_keys":
+ ensure => "/root/.ssh/authorized_keys",
+ mode => 700,
+ }
+
+ $ldap_pwfile = "/etc/ldap.secret"
+ file { '/usr/local/bin/ldap-sshkey2file.py':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 755,
+ content => template("restrictshell/ldap-sshkey2file.py"),
+ require => Package['python-ldap']
+ }
+ }
}
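Review bot: The directory this class manages, `$pubkeys_directory = "/var/lib/pubkeys"` (line 32), does not match the path the sshd_config hunk below renders, `AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys`; once that directive is in effect sshd consults only the configured path and no longer reads `~/.ssh/authorized_keys`, and nothing in this change creates `/var/lib/config/pubkeys`, so key-based login — including root's, whose link is placed at `/var/lib/pubkeys/root/authorized_keys` — would stop working until the two agree. Either the variable or the template line should be changed, and ideally the template should derive the path from the same variable so they cannot drift again. Separately, the symlink resource at line 48 carries `mode => 700`: a mode on a link is not meaningful, and 700 on an authorized_keys file also sets an executable bit it does not need, so `mode => 600` on the real file (or no `mode` on the link) would be cleaner. The script is still sourced from `template("restrictshell/ldap-sshkey2file.py")`, so the openssh module now depends on the restrictshell module being present on the master; if the move is meant to make the LDAP-key logic self-contained, that template presumably belongs under `openssh/templates` as well.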
Modified: puppet/modules/openssh/templates/sshd_config
===================================================================
--- puppet/modules/openssh/templates/sshd_config 2010-11-23 23:17:46 UTC (rev 435)
+++ puppet/modules/openssh/templates/sshd_config 2010-11-23 23:17:47 UTC (rev 436)
@@ -45,6 +45,11 @@
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
+<% if all_tags.include?('openssh::ssh_keys_from_ldap') %>
+AuthorizedKeysFile /var/lib/config/pubkeys/%u/authorized_keys
+<% end %>
+
+
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
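Review bot: The rendered `AuthorizedKeysFile` line at line 72 carries no comment saying that it replaces the default `.ssh/authorized_keys` lookup for every account on the host, so an operator reading the generated sshd_config cannot tell that home-directory keys are deliberately ignored once the LDAP export is active. A comment rendered with it would make that visible: `# managed by puppet (openssh::ssh_keys_from_ldap): keys are taken from the LDAP export; ~/.ssh/authorized_keys is not consulted`. The path itself is discussed in the note on the openssh manifest hunk. The two blank lines added after `<% end %>` look like leftover whitespace.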
Modified: puppet/modules/restrictshell/manifests/init.pp
===================================================================
--- puppet/modules/restrictshell/manifests/init.pp 2010-11-23 23:17:46 UTC (rev 435)
+++ puppet/modules/restrictshell/manifests/init.pp 2010-11-23 23:17:47 UTC (rev 436)
@@ -23,44 +23,7 @@
content => template("restrictshell/membersh-conf.pl"),
}
}
-
- class ssh_keys_from_ldap {
- package { 'python-ldap':
- ensure => installed,
- }
-
- $pubkeys_directory = "/var/lib/pubkeys"
- file { $pubkeys_directory:
- ensure => directory,
- owner => root,
- group => root,
- mode => 755,
- }
-
- file { "$pubkeys_directory/root":
- ensure => directory,
- owner => root,
- group => root,
- mode => 700,
- }
-
- file { "$pubkeys_directory/root/authorized_keys":
- ensure => "/root/.ssh/authorized_keys",
- mode => 700,
- }
-
- $ldap_pwfile = "/etc/ldap.secret"
- file { '/usr/local/bin/ldap-sshkey2file.py':
- ensure => present,
- owner => root,
- group => root,
- mode => 755,
- content => template("restrictshell/ldap-sshkey2file.py"),
- requires => Package['python-ldap']
- }
- }
-
define allow {
include shell
file { "/etc/membersh-conf.d/allow_$name.pl":