Revision
785
Author
misc
Date
2011-01-13 20:41:24 +0100 (Thu, 13 Jan 2011)

Log Message

- allow setting access without forcing the restricted shell ( this should
really be done by openssh, but it is easier to do it this way for now )

Modified Paths

Modified: puppet/modules/pam/manifests/init.pp
===================================================================
--- puppet/modules/pam/manifests/init.pp	2011-01-13 18:59:25 UTC (rev 784)
+++ puppet/modules/pam/manifests/init.pp	2011-01-13 19:41:24 UTC (rev 785)
@@ -44,7 +44,10 @@
       }
   } 
 
-  define multiple_ldap_access($access_classes) {
+  define multiple_ldap_access($access_classes,$restricted_shell = false) {
+    if $restricted_shell {
+      include restricted_shell
+    }
     include base
   }
 }
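Review bot: The new `$restricted_shell = false` default on `multiple_ldap_access` makes the forced login shell opt-in, so any existing caller that is not updated to pass `restricted_shell => true` loses the restriction without an error. The template condition removed in this same commit, `access_class = 'commiters'`, was an assignment rather than a comparison, so it looks as if every host rendering this ldap.conf previously got the override. The callers are not visible here, so this needs checking against the node definitions. I would document the parameter above the define, e.g. `# $restricted_shell: true forces loginShell to sv_membersh.pl through ldap.conf; the default (false) leaves the LDAP loginShell untouched`.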

Modified: puppet/modules/pam/templates/ldap.conf
===================================================================
--- puppet/modules/pam/templates/ldap.conf	2011-01-13 18:59:25 UTC (rev 784)
+++ puppet/modules/pam/templates/ldap.conf	2011-01-13 19:41:24 UTC (rev 785)
@@ -15,7 +15,7 @@
 sudoers_base ou=sudoers,<%= dc_suffix %>
 #sudoers_debug 2
 
-<% if access_class = 'commiters' %>
+<% if restricted_shell %>
 # for restricted access
 nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl
 <% end %>
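Review bot: The bare `restricted_shell` lookup in the new `<% if restricted_shell %>` is only as reliable as the scope the template is rendered in, and that scope is not shown in this commit. If ldap.conf is rendered from the `base` class rather than from the define (presumably, since the define only does `include base`), the value comes from whichever scope evaluated `base` first, so a second `multiple_ldap_access` declaration or an earlier `include base` can leave the override off on a host that asked for it. A string value such as `"false"` is also truthy in ERB, which would apply the restriction where it was not requested. A template comment would make the contract visible: `<%# restricted_shell is the multiple_ldap_access parameter; it must be a real boolean and resolvable in this scope %>`.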