diff options
Diffstat (limited to 'grid5000/steps/data/setup/puppet/modules/env/templates/nfs/ldap/common-account.erb')
-rw-r--r-- | grid5000/steps/data/setup/puppet/modules/env/templates/nfs/ldap/common-account.erb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/grid5000/steps/data/setup/puppet/modules/env/templates/nfs/ldap/common-account.erb b/grid5000/steps/data/setup/puppet/modules/env/templates/nfs/ldap/common-account.erb new file mode 100644 index 0000000..6a44180 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/templates/nfs/ldap/common-account.erb @@ -0,0 +1,18 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# + +<% if scope.lookupvar('env::variant') == "std" %> +account sufficient pam_access.so accessfile=/etc/security/access.conf +account required pam_access.so accessfile=/var/lib/oar/access.conf +<% else -%> +account required pam_access.so accessfile=/etc/security/access.conf +<% end -%> + +account sufficient pam_ldap.so +account required pam_unix.so |